FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- XSS vulnerability in normalization page

Affected packages
4.5.0 <= phpmyadmin < 4.5.4

Details

VuXML ID: 7694927f-c60b-11e5-bf36-6805ca0b3d42
Discovery: 2016-01-28
Entry: 2016-01-28

The phpMyAdmin development team reports:

With a crafted table name it is possible to trigger an XSS attack in the database normalization page.

We consider this vulnerability to be non-critical.

This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required page.

References

CVE Name: CVE-2016-2043
URL: https://www.phpmyadmin.net/security/PMASA-2016-7/