Package: phpmyadmin
Version: 4:2.6.2-3sarge1
Severity: important
Tags: security

http://www.securityfocus.com/bid/16389

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

This is CVE-2005-3787 (I see several other XSS fixes, but not this one; if this is a duplicate, I am sorry for wasting time).

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)

Versions of packages phpmyadmin depends on:
ii  apache-ssl [httpd]        1.3.33-6sarge1 versatile, high-performance HTTP s
ii  debconf                   1.4.30.13      Debian configuration management sy
ii  php4                      4:4.3.10-16    server-side, HTML-embedded scripti
ii  php4-mysql                4:4.3.10-16    MySQL module for php4
ii  wwwconfig-common          0.0.43         Debian web auto configuration

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                       [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

