FS#59766 - [phpmyadmin] CVE-2018-15605: XSS in the import dialog
Attached to Project:
Community Packages
Opened by Karol Babioch (kbabioch) - Thursday, 23 August 2018, 07:12 GMT
Last edited by Sergej Pupykin (sergej) - Tuesday, 02 October 2018, 12:42 GMT
Opened by Karol Babioch (kbabioch) - Thursday, 23 August 2018, 07:12 GMT
Last edited by Sergej Pupykin (sergej) - Tuesday, 02 October 2018, 12:42 GMT
|
Details
Description:
XSS in the import dialog A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Affected: phpMyAdmin versions prior to 4.8.3 Additional info: https://www.phpmyadmin.net/security/PMASA-2018-5/ |
This task depends upon
Comment by
Eli Schwartz (eschwartz) -
Thursday, 23 August 2018, 21:25 GMT
- Field changed: Status (Unconfirmed → Assigned)
- Field changed: Severity (Low → High)
- Task assigned to Levente Polyak (anthraxx), Sergej Pupykin (sergej)
4.8.3 was released yesterday to provide the fix:
https://lists.phpmyadmin.net/pipermail/news/2018-August/000504.html