diff --git a/templates/security/PMASA-2012-4 b/templates/security/PMASA-2012-4
new file mode 100644
index 00000000..655ba3d9
--- /dev/null
+++ b/templates/security/PMASA-2012-4
@@ -0,0 +1,78 @@
+
+
+
+PMASA-2012-4
+
+
+
+2012-08-xx
+
+
+
+
+
+Multiple XSS in Table operations, Database structure, Trigger and Visualize
+GIS data pages.
+
+
+
+Using a crafted table name, it was possible to produce a XSS :
+1) On the Database Structure page, creating a new table with a crafted name
+2) On the Database Structure page, using the Empty and Drop links of the crafted table name
+3) On the Table Operations page of a crafted table, using the 'Empty the table (TRUNCATE)' and 'Delete the table (DROP)' links
+4) On the Triggers page of a database containing tables with a crafted name, when opening the 'Add Trigger' popup
+5) When creating a trigger for a table with a crafted name, with an invalid definition.
+Having crafted data in a database table, it was possible to produce a XSS :
+6) When visualizing GIS data, having a crafted label name.
+
+
+
+We consider these vulnerabilities to be non critical.
+
+
+
+These XSS can only be triggered when a table with a crafted name is already present, or if crafted data is already stored in a database table.
+
+
+
+Versions 3.4.x are affected, for issues #1 and #2.
+Versions 3.5.x are affected, for all issues.
+
+
+
+
+
+Upgrade to phpMyAdmin 3.4.11.1 or 3.5.2.2 or newer or apply the patches
+listed below.
+
+
+
+Thanks to Emanuel Bronshtein for reporting issues #2, #3 and #4.
+
+
+CVE-2012-4345
+
+661 79
+
+
+50d1a4884306ae6705f0bb665ba71da24089b6fe
+ee306681d0d5ac09b6fc62a7d573020af083e856
+dca22c5046aa16899042592b40a0af7b5c4f1fc7
+1aec25f5f2163029da51da39a1d13dcb20fb00ea
+d56335691cf1c1d8be3453904a885038da0a8c93
+
+
+
+d84b98d34012cc5986fe84f1871b0396990391ef
+e094f34bed5ef3fd9a4a3cd08e01ff59a260c730
+
+
+
+