CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
72.6%
Announcement-ID: PMASA-2012-1
Date: 2012-02-18
XSS in replication setup.
It was possible to conduct XSS using a crafted database name.
We consider this vulnerability to be non critical.
The victim would have to willingly click on a database name which clearly shows a possible XSS.
Versions 3.4.x are affected.
Upgrade to phpMyAdmin 3.4.10.1 or newer or apply patch listed below.
Thanks to Jakub Gałczyk (<http://hauntit.blogspot.com>) for reporting this issue.
Assigned CVE ids: CVE-2012-1190
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.