Bugzilla – Bug 75707
VUL-0: CVE-2005-0992: XSS in phpMyAdmin
Last modified: 2021-09-27 08:53:02 UTC
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3: phpMyAdmin security announcement PMASA-2005-3 Announcement-ID: PMASA-2005-3 Date: 2005-04-03 Summary: Cross-Site Scripting vulnerability Description: We received a security advisory from Oriol Torrent Santiago and we wish to thank him for his work and report. The convcharset parameter was not correctly validated, opening the door to a XSS attack. Severity: We consider this vulnerability to be serious. Affected versions: Probably all phpMyAdmin versions before 2.6.2-rc1. Solution: Upgrade to phpMyAdmin 2.6.2-rc1 or newer. References: http://www.arrelnet.com/advisories/adv20050403.html
We don't have this enabled as default, so it's probably not that important.
Patch: http://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/libraries/common.lib.php?r1=2.111.2.1&r2=2.111.2.2
SM-Tracker-808
Fixed packages submitted.
did you fix #67276 as well?
CAN-2005-0992 patchinfo submitted
updated packages approved, thanks
CVE-2005-0992: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)