Re: Analysis of issue for phpmyadmin and request for comment on XSS issues

2016-07-02 Thread Ola Lundqvist
Hi Markus and Ben

Thanks to both of you for good insight. Markus, you gave a good reminder that XSS is also for people who have "write permission" to the site. I'll use both your inputs in the further patch work. The XSS issues look trivial so I should be able to fix all or most of them easily.

Re: Analysis of issue for phpmyadmin and request for comment on XSS issues

2016-06-28 Thread Markus Koschany
On 26.06.2016 23:47, Ola Lundqvist wrote:
> Hi LTS team

Hi!

> I have done some analysis of the issues for phpmyadmin.
>
> It would be good to know what your opinion about XSS issues for admin
> software like phpmyadmin is. I do not see how that can be very
> important. I mean you know the URL

Re: Analysis of issue for phpmyadmin and request for comment on XSS issues

2016-06-26 Thread Ben Hutchings
On Sun, 2016-06-26 at 23:47 +0200, Ola Lundqvist wrote:
> Hi LTS team
>
> I have done some analysis of the issues for phpmyadmin.
>
> It would be good to know what your opinion about XSS issues for admin
> software like phpmyadmin is. I do not see how that can be very important. I
> mean you know

Analysis of issue for phpmyadmin and request for comment on XSS issues

2016-06-26 Thread Ola Lundqvist
Hi LTS team

I have done some analysis of the issues for phpmyadmin.

It would be good to know what your opinion about XSS issues for admin software like phpmyadmin is. I do not see how that can be very important. I mean you know the URL and do not really use external links for accessing it. Or do