------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-19 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2011-01-31
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
=======
A cross-site scripting (XSS) vulnerability has been fixed in phpmyadmin.
Description
===========
error.php in phpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1,
allows remote attackers to conduct cross-site scripting (XSS) attacks
via a crafted BBcode tag containing "@" characters, as demonstrated
using "[a@url@page]".
Affected packages:
  Pardus 2009:
    phpmyadmin, all before 3.3.9-28-9
Resolution
==========
An update is available for phpmyadmin. You can install it via Package
Manager or with a single command from the console:
    pisi up phpmyadmin
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=15978
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
------------------------------------------------------------------------