Описание
XSS in Adminer
Withdrawn: Duplicate of GHSA-9pgx-gcph-mpqr.
Adminer before 4.7.9 allows XSS via the history parameter to the default URI.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-35572
- https://github.com/vrana/adminer/commit/5c395afc098e501be3417017c6421968aac477bd
- https://github.com/vrana/adminer
- https://sourceforge.net/p/adminer/bugs-and-features/775
- https://sourceforge.net/p/adminer/news
- https://sourceforge.net/p/adminer/news/2021/02/adminer-479-released
Пакеты
Наименование
vrana/adminer
composer
Затронутые версииВерсия исправления
< 4.7.9
4.7.9
Дефекты
CWE-79
Дефекты
CWE-79