Announcement-ID: PMASA-2007-8
Date: 2007-11-20
Summary: XSS vulnerability
Description: We received an advisory from Tim Brown, Nth Dimension, and we wish to thank him for his work. The login page (auth_type cookie) was vulnerable to XSS via the convcharset parameter.
Severity: We consider this vulnerability to be serious.
Affected versions: Probably all versions before 2.11.2.2.
Solution: Upgrade to phpMyAdmin 2.11.2.2 or newer.
References: http://www.nth-dimension.org.uk/downloads.php?id=38
Assigned CVE ids: CVE-2007-6100
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.