PMASA-2005-3

Announcement-ID: PMASA-2005-3

Date: 2005-04-03

Summary

Cross-Site Scripting vulnerability

Description

We received a security advisory from Oriol Torrent Santiago and we wish to thank him for his work and report. The convcharset parameter was not correctly validated, opening the door to a XSS attack.

Severity

We consider this vulnerability to be serious.

Affected Versions

Probably all phpMyAdmin versions before 2.6.2-rc1.

Solution

Upgrade to phpMyAdmin 2.6.2-rc1 or newer.

References

http://www.arrelnet.com/advisories/adv20050403.html

Assigned CVE ids: CVE-2005-0992

CWE ids: CWE-661 CWE-79

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements