PMASA-2005-8
Announcement-ID: PMASA-2005-8
Date: 2005-12-05
Summary
XSS vulnerabilities
Description
It was possible to conduct an XSS attack via the HTTP_HOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS.
Severity
We consider these vulnerabilities to be serious.
Affected Versions
We did not make an extensive verification on this. Probably all previous versions are affected.
Solution
Upgrade to phpMyAdmin 2.7.0.
References
Assigned CVE IDs: CVE-2005-3665
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.
Announcements
PMASA-2016-71
PMASA-2016-70
PMASA-2016-69
PMASA-2016-68
PMASA-2016-67
PMASA-2016-66
PMASA-2016-65
PMASA-2016-64
PMASA-2016-63
PMASA-2016-62
PMASA-2016-61
PMASA-2016-60
PMASA-2016-59
PMASA-2016-58
PMASA-2016-57
PMASA-2016-56
PMASA-2016-55
PMASA-2016-54
PMASA-2016-53
PMASA-2016-52
PMASA-2016-51
PMASA-2016-50
PMASA-2016-49
PMASA-2016-48
PMASA-2016-47
PMASA-2016-46
PMASA-2016-45
PMASA-2016-44
PMASA-2016-43
PMASA-2016-42
PMASA-2016-41
PMASA-2016-40
PMASA-2016-39
PMASA-2016-38
PMASA-2016-37
PMASA-2016-36
PMASA-2016-35
PMASA-2016-34
PMASA-2016-33
PMASA-2016-32
PMASA-2016-31
PMASA-2016-30
PMASA-2016-29
PMASA-2016-28
PMASA-2016-27
PMASA-2016-26
PMASA-2016-25
PMASA-2016-24
PMASA-2016-23
PMASA-2016-22
PMASA-2016-21
PMASA-2016-20
PMASA-2016-19
PMASA-2016-18
PMASA-2016-17
PMASA-2016-16
PMASA-2016-15
PMASA-2016-14
PMASA-2016-13
PMASA-2016-12
PMASA-2016-11
PMASA-2016-10
PMASA-2016-9
PMASA-2016-8
PMASA-2016-7
PMASA-2016-6
PMASA-2016-5
PMASA-2016-4
PMASA-2016-3
PMASA-2016-2
PMASA-2016-1