Bug 625877 (CVE-2010-3056) - CVE-2010-3056 phpMyAdmin: several XSS vulnerabilities fixed in 3.3.5.1/2.11.10.1
Summary: CVE-2010-3056 phpMyAdmin: several XSS vulnerabilities fixed in 3.3.5.1/2.11.10.1
Status: CLOSED ERRATA
Alias: CVE-2010-3056
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20100820,reported=20100820,sou...
Keywords: Security
Depends On: 625878
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-20 17:03 UTC by Vincent Danen
Modified: 2016-03-04 12:04 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-03-21 16:12:13 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Vincent Danen 2010-08-20 17:03:12 UTC
Several cross-site scripting (XSS) vulnerabilities were found in phpMyAdmin versions prior to 2.11.10.1 and 3.3.5.1 [1].  A remote attacker was able to conduct an XSS attack using crafted URLs or POST parameters on several pages.  This issue has been assigned the name CVE-2010-3056.

[1] http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php

Comment 1 Vincent Danen 2010-08-20 17:04:09 UTC
Created phpMyAdmin tracking bugs for this issue

Affects: fedora-all [bug 625878]

Comment 2 Robert Scheck 2011-03-21 15:52:26 UTC
I think this bug report should be closed, shouldn't it?

Comment 3 Tomas Hoger 2011-03-21 16:12:13 UTC
Feel free to close phpMyAdmin bugs if there's no action left for Fedora and EPEL.  It's not part of any other "product" at the moment.

Comment 4 Robert Scheck 2011-03-21 16:18:31 UTC
Tomas, I'm not allowed to close this bug report, because the product is
"Security Response", which is not Fedora/EPEL...that's why I asked.


Note You need to log in before you can comment on or make changes to this bug.