FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- XSS in the import dialog

Affected packages
phpMyAdmin < 4.8.3
phpMyAdmin-php56 < 4.8.3
phpMyAdmin-php70 < 4.8.3
phpMyAdmin-php71 < 4.8.3
phpMyAdmin-php72 < 4.8.3

Details

VuXML ID: 9e205ef5-a649-11e8-b1f6-6805ca0b3d42
Discovery: 2018-08-21
Entry: 2018-08-22

The phpMyAdmin development team reports:

Description

A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file.

Severity

We consider this attack to be of moderate severity.

References

CVE Name: CVE-2018-15605
URL: https://www.phpmyadmin.net/security/PMASA-2018-5/