Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4480 to
the following vulnerability:
Reference: URL: http://www.exploit-db.com/exploits/15699
Reference: URL: http://www.vupen.com/english/advisories/2010/3133
error.php in PhpMyAdmin 126.96.36.199 and earlier allows remote attackers to
conduct cross-site scripting (XSS) attacks via a crafted BBcode tag
containing "@" characters, as demonstrated using "[a@url@page]".
No new version of phpMyAdmin is available as of yet, but the following looks like the relevant commit to fix this issue:
The upstream advisory is here:
Created phpMyAdmin tracking bugs for this issue
Affects: fedora-all [bug 662367]
May somebody please close this report? phpMyAdmin 3.3.10 is on all active
Fedora and EPEL branches available that have PHP >= 5.2.
(In reply to comment #3)
> May somebody please close this report? phpMyAdmin 3.3.10 is on all active
> Fedora and EPEL branches available that have PHP >= 5.2.
Done. Thanks Robert.