Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-4345

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

Related bugs and status

CVE-2012-4345 (Candidate) is related to these bugs:

Bug #1441587: CVE-2012-4345: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.

Summary				In	Importance	Status
	1441587	CVE-2012-4345: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.		phpmyadmin (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
SUSE: openSUSE-SU-2012:1062
MANDRIVA: MDVSA-2012:136