User: Password:
Subscribe / Log in / New account

Mageia alert MGASA-2014-0275 (phpmyadmin)

From:  Mageia Updates <>
Subject:  [updates-announce] MGASA-2014-0275: Updated phpmyadmin packages fix CVE-2014-4349
Date:  Fri, 27 Jun 2014 17:03:21 +0200
Message-ID:  <>

MGASA-2014-0275 - Updated phpmyadmin packages fix CVE-2014-4349 Publication date: 27 Jun 2014 URL: Type: security Affected Mageia releases: 3, 4 CVE: CVE-2014-4349 Description: Updated phpmyadmin packages fix security vulnerability: In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding or unhiding a crafted table name in the navigation, due to unescaped HTML output in the navigation items hiding feature. Note that this vulnerability can only be triggered by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form (CVE-2014-4349). References: - - - SRPMS: - 4/core/phpmyadmin- - 3/core/phpmyadmin-

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds