[Phpmyadmin-devel] phpMyAdmin security alert PMASA-2005-3

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Sun Apr 3 16:17:28 CEST 2005


phpMyAdmin security announcement PMASA-2005-3

Announcement-ID: PMASA-2005-3
Date: 2005-04-03

Summary:
Cross-Site Scripting vulnerability

Description:
We received a security advisory from Oriol Torrent Santiago and we wish to thank him for his work 
and report. The convcharset parameter was not correctly validated, opening the door to a XSS attack.

Severity:
We consider this vulnerability to be serious.

Affected versions:
Probably all phpMyAdmin versions before 2.6.2-rc1.

Solution:
Upgrade to phpMyAdmin 2.6.2-rc1 or newer.

References:
http://www.arrelnet.com/advisories/adv20050403.html

For further information and in case of questions, please contact the phpMyAdmin team. Our website is 
http://www.phpmyadmin.net/.




More information about the Developers mailing list