tags 446451 moreinfo thanks Hi Steffen,
On Saturday 13 October 2007 07:26, Steffen Joeris wrote: > Cross-site scripting (XSS) vulnerability in scripts/setup.php > in phpMyAdmin 2.11.1, when accessed by a browser that does > not URL-encode requests, allows remote attackers to inject > arbitrary web script or HTML via the query string. NOTE: some > of these details are obtained from third party information. I've seen this fix in upstream SVN but couldn't think of a case where this is exploitable by anyone than the user himself. I will look into it but I'm not sure that this is a grave issue. A concrete exploit scenario is welcome. Thijs
pgp5TD07qbyu7.pgp
Description: PGP signature
