Bug 870010 - (CVE-2012-5339) CVE-2012-5339 phpMyAdmin: Multiple XSS flaws due to unescaped HTML output in Trigger, Procedure and Event pages (PMASA-2012-6)
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 849010
Reported: 2012-10-25 07:08 EDT by Jan Lieskovsky
Modified: 2016-03-04 05:56 EST
Last Closed: 2014-07-19 11:41:24 EDT
Doc Type: Bug Fix
Attachments: none
Description Jan Lieskovsky 2012-10-25 07:08:01 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5339 to the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5339
[2] http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php
[3] https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611
[4] https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186
Comment 1 Jan Lieskovsky 2012-10-25 07:11:35 EDT
The following updates have been created to correct this issue in phpMyAdmin package versions, as shipped with Fedora and Fedora EPEL:
1) phpMyAdmin-3.5.3-1.fc17 for Fedora 17,
2) phpMyAdmin-3.5.3-1.fc16 for Fedora 16,
3) phpMyAdmin-3.5.3-1.el6 for Fedora EPEL 6,
4) phpMyAdmin3-3.5.3-1.el5 for Fedora EPEL 5.

This issue did NOT affect the version of the phpMyAdmin package (2.X based) as shipped with Fedora EPEL 5.
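As an added illustration of the bug class named in the description (unescaped HTML output of a routine, trigger or event name), and not code taken from phpMyAdmin or from this bug report: the PHP below renders one row of a trigger listing first in the vulnerable style and then with context-appropriate escaping. The row data is constructed; its keys mirror the `Trigger` and `Table` columns of `SHOW TRIGGERS`, but the `db_triggers.php` edit link and all function names are hypothetical.

```php
<?php
// Added illustration, not phpMyAdmin's own code: an identifier echoed into HTML
// without escaping, beside the standard fix. All names below are constructed.

// A trigger whose name carries markup. MySQL accepts such a name when it is
// backtick-quoted (identifier limit is 64 characters; this one is 51), so any
// user allowed to CREATE TRIGGER can plant it for other users of the UI.
$trigger = [
    'Trigger' => 'audit_ins<img src=x onerror=alert(document.cookie)>',
    'Table'   => 'orders',
];

// Vulnerable pattern: the identifier is concatenated straight into the markup,
// so the browser parses the injected tag and runs its event handler.
function renderTriggerRowUnescaped(array $trigger): string
{
    return '<tr><td>' . $trigger['Trigger'] . '</td>'
         . '<td>' . $trigger['Table'] . '</td>'
         . '<td><a href="db_triggers.php?name=' . $trigger['Trigger'] . '">Edit</a></td></tr>';
}

// Hardened pattern: every dynamic value is escaped for the context it lands in.
// htmlspecialchars() with ENT_QUOTES covers text nodes and quoted attributes;
// rawurlencode() covers the query-string component, which is then also
// attribute-escaped because it sits inside href="...".
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderTriggerRowEscaped(array $trigger): string
{
    $editUrl = 'db_triggers.php?name=' . rawurlencode($trigger['Trigger']);
    return '<tr><td>' . h($trigger['Trigger']) . '</td>'
         . '<td>' . h($trigger['Table']) . '</td>'
         . '<td><a href="' . h($editUrl) . '">Edit</a></td></tr>';
}

// Regression check: an escaped row may only contain the tags the template
// itself emits. A raw "<img" surviving into the output means the name was
// interpolated without escaping.
function containsRawTag(string $html, string $tag): bool
{
    return strpos($html, '<' . $tag) !== false;
}

echo renderTriggerRowUnescaped($trigger), PHP_EOL;
echo renderTriggerRowEscaped($trigger), PHP_EOL;
var_dump(containsRawTag(renderTriggerRowUnescaped($trigger), 'img')); // payload intact
var_dump(containsRawTag(renderTriggerRowEscaped($trigger), 'img'));   // payload neutralised
```

Run it with `php` on the command line to compare the two rows. The practical audit for this class of bug is the same check in reverse: for each place a page echoes a name obtained from `SHOW TRIGGERS`, `SHOW PROCEDURE STATUS`, `SHOW FUNCTION STATUS` or `SHOW EVENTS`, confirm the value passes through `htmlspecialchars()` (and `rawurlencode()` when it becomes a URL parameter) before it reaches the output buffer. Note that the attacker here is an authenticated database user, as the CVE text states, so the exposure is to other administrators who browse the affected pages.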
