Advisories ยป MGASA-2014-0275

Updated phpmyadmin packages fix CVE-2014-4349

Publication date: 27 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4349

Description

Updated phpmyadmin packages fix security vulnerability:

In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding
or unhiding a crafted table name in the navigation, due to unescaped HTML
output in the navigation items hiding feature. Note that this vulnerability
can only be triggered by someone who logged in to phpMyAdmin, as the usual
token protection prevents non-logged-in users from accessing the required
form (CVE-2014-4349).
                

References

SRPMS

3/core

4/core