<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:384573838;
mso-list-type:hybrid;
mso-list-template-ids:1598850102 -866193110 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Hi,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Here is some error My scanner find here is the Description <span
style='font-family:Wingdings'>à</span><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:black;background:white'>“The version of phpMyAdmin hosted on the remote
server is 3.4.x prior to 3.4.8 and is affected by a<span
class=apple-converted-space> </span></span><span style='font-size:9.0pt;
font-family:"Arial","sans-serif";color:black'><br>
<span style='background:white'>cross‑site scripting vulnerability. The database
name is not properly sanitized in the file<span class=apple-converted-space> </span></span><br>
<span style='background:white'>'js/db_operations.js' when attempting to rename
a database. Note that this version is<span class=apple-converted-space> </span></span><br>
<span style='background:white'>reportedly affected by several other cross‑ site
scripting vulnerabilities. However, Site<span class=apple-converted-space> </span></span><br>
<span style='background:white'>Scanner has not tested for these vulnerabilities.”</span></span>
<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>And they told me for the solution..<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>“<span style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:black;background:white'>Either apply the vendor patches or upgrade to
phpMyAdmin version</span><span style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:black'><br>
<span style='background:white'>3.4.8 or later.</span></span>”<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>When I about to access the same URL that will shows..<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<pre>“<span style='color:black'>$(document).ready(function(){$("#rename_db_form.ajax").live("submit",function(a){a.preventDefault();a=$(this);var d="CREATE DATABASE "+$("#new_db_name").val()+" / DROP DATABASE "+window.parent.db;PMA_prepareForAjaxRequest(a);var b={};b[PMA_messages.strYes]=function(){$(this).dialog("close").remove();window.parent.refreshMain();window.parent.refreshNavigation()};b[PMA_messages.strNo]=function(){$(this).dialog("close").remove()};a.PMA_confirm(d,a.attr("action"),function(e){PMA_ajaxShowMessage(PMA_messages.strRenamingDatabases);<o:p></o:p></span></pre>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>$.get(e,$("#rename_db_form").serialize()+"&is_js_confirmed=1",function(c){if(c.success==true){PMA_ajaxShowMessage(c.message);window.parent.db=c.newname;$("#topmenucontainer").next("div").remove().end().after(c.sql_query);c=$("#topmenucontainer").next("div").find(".notice");c.text()==""&&c.remove();$("<span>"+PMA_messages.strReloadDatabase+"?</span>").dialog({buttons:b})}else
PMA_ajaxShowMessage(c.error)})})});$("#copy_db_form.ajax").live("submit",function(a){a.preventDefault();var
d=PMA_ajaxShowMessage(PMA_messages.strCopyingDatabase);<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>a=$(this);PMA_prepareForAjaxRequest(a);$.get(a.attr("action"),a.serialize(),function(b){$(".success").fadeOut();$(".error").fadeOut();if(b.success==true){$("#topmenucontainer").after(b.message);if($("#checkbox_switch").is(":checked")){window.parent.db=b.newname;window.parent.refreshMain();window.parent.refreshNavigation()}else
window.parent.refreshNavigation(true)}else
$("#topmenucontainer").after(b.error);PMA_ajaxRemoveMessage(d)})});$("#change_db_charset_form.ajax").live("submit",function(a){a.preventDefault();<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>a=$(this);PMA_prepareForAjaxRequest(a);PMA_ajaxShowMessage(PMA_messages.strChangingCharset);$.get(a.attr("action"),a.serialize()+"&submitcollation="+a.find("input[name=submitcollation]").attr("value"),function(d){d.success==true?PMA_ajaxShowMessage(d.message):PMA_ajaxShowMessage(d.error)})})},"top.frame_content");</span>”<span
style='font-size:10.0pt;font-family:"Courier New";color:black'><o:p></o:p></span></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-family:Wingdings'><span style='mso-list:Ignore'>è<span
style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>Here I am
not able to update the version of phpMyAdmin <span style='color:#00B050'>currently
I am using 3.4.5 version</span> please suggest me how to “<span
style='color:#00B050'>apply the vendor patches</span>”.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks,<o:p></o:p></p>
<p class=MsoNormal>Ati<o:p></o:p></p>
</div>
</body>
</html>