Описание
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| phpmyadmin | fixed | 4:2.8.1-1 | package | |
| phpmyadmin | not-affected | sarge | package |
Примечания
https://www.phpmyadmin.net/security/PMASA-2006-2/
The first linked commit is the official one for linked in PMASA
https://github.com/phpmyadmin/phpmyadmin/commit/79f778db99ac05e2028166d5a61ed25591e348c3
https://github.com/phpmyadmin/phpmyadmin/commit/fad722d2f488375f9cc94c0c75326e661c280ecc
EPSS
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
EPSS