
3 Apr
2005
3 Apr
'05
6:17 p.m.
phpMyAdmin security announcement PMASA-2005-3 Announcement-ID: PMASA-2005-3 Date: 2005-04-03 Summary: Cross-Site Scripting vulnerability Description: We received a security advisory from Oriol Torrent Santiago and we wish to thank him for his work and report. The convcharset parameter was not correctly validated, opening the door to a XSS attack. Severity: We consider this vulnerability to be serious. Affected versions: Probably all phpMyAdmin versions before 2.6.2-rc1. Solution: Upgrade to phpMyAdmin 2.6.2-rc1 or newer. References: http://www.arrelnet.com/advisories/adv20050403.html For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net/.