Bug#446451: phpmyadmin: CVE-2007-5386 XSS vulnerability

2007-10-16 Thijs Kinkhorst
severity 446451 normal
thanks

On Tue, October 16, 2007 09:40, Michal Čihař wrote:
> And it looks to be exploitable only with MSIE with disabled UTF-8 urls.

Yeah... which is not the default. Only exploitable with a specific browser with a specific environment is quite obscure.

> BTW: There will

Bug#446451: phpmyadmin: CVE-2007-5386 XSS vulnerability

2007-10-16 Michal Čihař
Hi

On Tue, 16 Oct 2007 08:24:57 +0200 Thijs Kinkhorst <[EMAIL PROTECTED]> wrote:
> tags 446451 moreinfo
> thanks
>
> Hi Steffen,
>
> On Saturday 13 October 2007 07:26, Steffen Joeris wrote:
> > Cross-site scripting (XSS) vulnerability in scripts/setup.php
> > in phpMyAdmin 2.11.1, when accessed

Bug#446451: phpmyadmin: CVE-2007-5386 XSS vulnerability

2007-10-15 Thijs Kinkhorst
tags 446451 moreinfo
thanks

Hi Steffen,

On Saturday 13 October 2007 07:26, Steffen Joeris wrote:
> Cross-site scripting (XSS) vulnerability in scripts/setup.php
> in phpMyAdmin 2.11.1, when accessed by a browser that does
> not URL-encode requests, allows remote attackers to inject
> arbitrary we

Bug#446451: phpmyadmin: CVE-2007-5386 XSS vulnerability

2007-10-12 Steffen Joeris
Package: phpmyadmin
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE[0] has been issued against phpmyadmin. You can find a patch below.

CVE-2007-5386: Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a bro