Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4480 to the following vulnerability:

Name: CVE-2010-4480
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480
Assigned: 20101207
Reference: EXPLOIT-DB:15699
Reference: URL: http://www.exploit-db.com/exploits/15699
Reference: VUPEN:ADV-2010-3133
Reference: URL: http://www.vupen.com/english/advisories/2010/3133

error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

No new version of phpMyAdmin is available as of yet, but the following looks like the relevant commit to fix this issue:

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=aa6fec0532a9dd48d4e35831c1b1c9785c124dd7
The upstream advisory is here: http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php
Created phpMyAdmin tracking bugs for this issue

Affects: fedora-all [bug 662367]
May somebody please close this report? phpMyAdmin 3.3.10 is on all active Fedora and EPEL branches available that have PHP >= 5.2.
(In reply to comment #3)
> May somebody please close this report? phpMyAdmin 3.3.10 is on all active
> Fedora and EPEL branches available that have PHP >= 5.2.

Done. Thanks Robert.