Red Hat Bugzilla – Bug 733475
CVE-2011-3181 phpMyAdmin XSS flaw
Last modified: 2016-03-04 06:44:03 EST
From the upstream advisory:
Multiple XSS in the Tracking feature.
Missing sanitization on the table, column and index names leads to XSS
We consider this vulnerability to be serious.
An attacker must be logged in via phpMyAdmin to exploit this problem.
Versions 3.3.0 to 22.214.171.124 are affected.
Upgrade to phpMyAdmin 126.96.36.199 or 3.4.4 or apply the related patch listed
This issue was found by Norman Hippert from The-Wildcat.de.
Assigned CVE ids: CVE-2011-3181
CWE ids: CWE-661 CWE-98
Created phpMyAdmin tracking bugs for this issue
Affects: fedora-all [bug 733477]
Affects: epel-4 [bug 733478]
Affects: epel-5 [bug 733479]
Affects: epel-6 [bug 733480]
Josh, you did a lookup mistake, I think. EPEL 4 and 5 are *not* affected,
because they ship phpMyAdmin 2.x, just EPEL 6 and all Fedora releases.