[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

xss in phpmyadmin <= 2.8.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: xss in phpmyadmin <= 2.8.1
From: alfa@xxxxxxxxxx
Date: 12 Jan 2007 11:59:41 -0000

although >= v2.8.2 isn't vulnerable anymore, i still think this issue is 
important because phpmyadmin.net still offers 2.7.2-pl2 for download on their 
website and this is a vulnerable version.

it's an xss bug that wasn't fixed properly (reference: 
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3)

$convcharset is still vulnerable for xss attackts but only in IE < 7.

All phpmyadmin <= 2.8.1 seem to be vulnerable.

an Advisory can be found here:

http://www.virtuax.be/advisories/Advisory1-12012007.txt

Prev by Date: Ezboxx multiple vulnerabilities.
Next by Date: [ MDKSA-2007:011 ] - Updated Thunderbird packages fix multiple vulnerabilities
Previous by thread: Ezboxx multiple vulnerabilities.
Next by thread: Re: xss in phpmyadmin <= 2.8.1
Index(es):
- Date
- Thread