The following XSS issues were found in phpMyAdmin: With a crafted table/column name it is possible to trigger an XSS attack in the database normalization page. With a crafted parameter it is possible to trigger an XSS attack in the database structure page. With a crafted parameter it is possible to trigger an XSS attack in central columns page. Affected Versions: Versions 4.4.x (prior to 4.4.15.5) and 4.5.x (prior to 4.5.5.1) are affected. Fixed in: phpMyAdmin 4.4.15.4 and 4.5.5.1 External References: https://www.phpmyadmin.net/security/PMASA-2016-12/
Created phpMyAdmin tracking bugs for this issue: Affects: fedora-all [bug 1313225] Affects: epel-all [bug 1313226]
Created phpMyAdmin4 tracking bugs for this issue: Affects: epel-5 [bug 1313227]
Upstream patches: https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372 https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775 https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
phpMyAdmin-4.0.10.15-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
php-udan11-sql-parser-3.4.0-1.fc23, phpMyAdmin-4.5.5.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.4.15.5-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin4-4.0.10.15-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.