Package: phpqladmin Severity: serious Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2006-3301: "Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php." The CVE does not link to a patch. I have not confirmed the vulnerability. The original announcement is low on details. Please mention the CVE in your changelog. Thanks, Alec -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEqF/2Aud/2YgchcQRAloaAJ45lDK1BnwxRQDbk63BR7YdgDqgeACggLSv 2lK99Qdo9gSYtkvwHPdEdJ0= =SBeV -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
