XSS attack on setup script.
It was possible to conduct a XSS attack using spoofed request to setup script.
We consider this vulnerability to be non critical.
For 3.x: versions before 3.3.7 are affected.
Branch 2.11.x is not affected by this.
Upgrade to phpMyAdmin 3.3.7 or newer or apply patch listed below.
Thanks to Tenable Network Security for reporting this issue.
Assigned CVE ids: CVE-2010-3263
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.