PMASA-2012-1
Announcement-ID: PMASA-2012-1
Date: 2012-02-18
Summary
XSS in replication setup.
Description
It was possible to conduct XSS using a crafted database name.
Severity
We consider this vulnerability to be non critical.
Mitigation factor
The victim would have to willingly click on a database name which clearly shows a possible XSS.
Affected Versions
Versions 3.4.x are affected.
Solution
Upgrade to phpMyAdmin 3.4.10.1 or newer or apply patch listed below.
References
Thanks to Jakub Gałczyk (http://hauntit.blogspot.com) for reporting this issue.
Assigned CVE IDs: CVE-2012-1190
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.