A cross-site scripting (XSS) flaw was found in the way phpMyAdmin, a tool written in PHP intended to handle the administration of MySQL over the World Wide Web, used to sanitize object name when the TextLinkTransformationPlugin was used to create a link to an object when displaying contents of a table. Upstream advisory: [1] http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php Relevant patch: [2] https://github.com/phpmyadmin/phpmyadmin/commit/e0c8704f725c56c87b644676ded94dba695de39f
This issue did not affect the latest version of the phpMyAdmin package, as shipped with Fedora 18, 19, Fedora EPEL-6, and Fedora EPEL-5.
The CVE identifier of CVE-2013-5001 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/07/30/1