Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#59766 - [phpmyadmin] CVE-2018-15605: XSS in the import dialog
Attached to Project: Community Packages
Opened by Karol Babioch (kbabioch) - Thursday, 23 August 2018, 07:12 GMT
Last edited by Sergej Pupykin (sergej) - Tuesday, 02 October 2018, 12:42 GMT
Details
Description:
XSS in the import dialog
A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file.
Affected: phpMyAdmin versions prior to 4.8.3
Additional info: https://www.phpmyadmin.net/security/PMASA-2018-5/
Comment by Eli Schwartz (eschwartz) - Thursday, 23 August 2018, 21:25 GMT
- Field changed: Status (Unconfirmed → Assigned)
- Field changed: Severity (Low → High)
- Task assigned to Levente Polyak (anthraxx), Sergej Pupykin (sergej)
4.8.3 was released yesterday to provide the fix: https://lists.phpmyadmin.net/pipermail/news/2018-August/000504.html