Updated phpmyadmin package fixes XSS vulnerabilities
Publication date: 21 Aug 2014Modification date: 21 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-5273 , CVE-2014-5274
Description
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse table, ENUM editor, monitor, query charts and table relations pages (CVE-2014-5273). In phpMyAdmin before 4.1.14.3, with a crafted view name it is possible to trigger an XSS when dropping the view in view operation page (CVE-2014-5274).
References
SRPMS
3/core
- phpmyadmin-4.1.14.3-1.mga3
4/core
- phpmyadmin-4.1.14.3-1.mga4