The following XSS issues were found in phpMyAdmin:
By sending a specially crafted URL as part of the HOST header, it is possible to trigger an XSS attack.
A weakness was found that allows an XSS attack with Internet Explorer versions older than 8 and Safari on Windows using a specially crafted URL.
Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page.
Using a crafted parameter value, it is possible to trigger an XSS attack in the user accounts page.
Using a crafted parameter value, it is possible to trigger an XSS attack in the zoom search page.
Affected Versions: Versions 4.0.x (prior to 4.0.10.15), 4.4.x (prior to 4.4.15.5) and 4.5.x (prior to 4.5.5.1) are affected.
Fixed in: phpMyAdmin 4.0.10.15, 4.4.15.4, and 4.5.5.1
External References: https://www.phpmyadmin.net/security/PMASA-2016-11/
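The issues above share one root cause: request-controlled values (the Host header, a query parameter, the text of a submitted SQL statement) being written into an HTML page without being constrained or escaped. The snippet below is an added illustration of the two defensive controls for that class of bug; it is not phpMyAdmin's code and not the upstream patches linked in this report. The allowlist constant, the function names safe_host() and h(), and the sample request values are all constructed for the example.

```php
<?php
// Added illustration, not phpMyAdmin's own code or its upstream fix.
// Control 1: never trust the Host header. Compare it against a configured
//            allowlist before using it to build an absolute URL.
// Control 2: HTML-escape every request-derived value at the point it is
//            written into the page, whether in text or attribute context.

/** Hypothetical allowlist; a real deployment would load this from config. */
const ALLOWED_HOSTS = ['db.example.internal', 'localhost'];

/**
 * Return the request host only if it is on the allowlist; otherwise fall
 * back to the first allowed name. A forged Host value therefore never
 * reaches the generated markup at all.
 */
function safe_host(array $server, array $allowed): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    // Drop an optional ":port" suffix, then require an exact match.
    $host = preg_replace('/:\d+$/', '', $host);
    return in_array($host, $allowed, true) ? $host : $allowed[0];
}

/** Escape a request-derived string for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request (not a captured real one): a forged Host header
// and a query parameter containing markup.
$server = ['HTTP_HOST' => 'evil.example"><i>injected</i>'];
$get    = ['username' => '<i>injected</i>'];

$host = safe_host($server, ALLOWED_HOSTS);   // 'db.example.internal'
$base = 'https://' . $host . '/phpmyadmin/';

// Both values are escaped exactly where they enter the HTML.
echo '<a href="' . h($base) . '">Back to ' . h($host) . '</a>' . "\n";
echo '<p>User: ' . h($get['username']) . '</p>' . "\n";
```

The allowlist check matters independently of escaping: an attacker-chosen Host value can also end up in redirects, cookies and generated links, where HTML escaping alone does not help. Escaping remains necessary for every other request-derived value, including the SQL text echoed back on an error page.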
Created phpMyAdmin tracking bugs for this issue:
Affects: fedora-all [bug 1313225]
Affects: epel-all [bug 1313226]
Created phpMyAdmin4 tracking bugs for this issue:
Affects: epel-5 [bug 1313227]
Upstream patches:
https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078
https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4
https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc
https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32
https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f
phpMyAdmin-4.0.10.15-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
php-udan11-sql-parser-3.4.0-1.fc23 and phpMyAdmin-4.5.5.1-1.fc23 have been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.4.15.5-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin4-4.0.10.15-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.