Bug 1182034 (CVE-2020-35572)

Summary:	VUL-0: CVE-2020-35572: adminer: XSS via the history parameter to the default URI
Product:	[openSUSE] openSUSE Distribution	Reporter:	Alexander Bergmann <abergmann>
Component:	Basesystem	Assignee:	Jimmy Berry <jimmy>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Minor
Priority:	P3 - Medium	CC:	atoptsoglou
Version:	Leap 15.2
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/277585/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Alexander Bergmann 2021-02-10 08:02:30 UTC

CVE-2020-35572

Adminer through 4.7.8 allows XSS via the history parameter to the default URI.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35572
https://sourceforge.net/p/adminer/bugs-and-features/775/
https://sourceforge.net/p/adminer/news/

Comment 1 Jimmy Berry 2021-03-02 02:20:52 UTC

4.7.9 in https://build.opensuse.org/package/show/openSUSE:Leap:15.2:Update/adminer