Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
  • 3 commits
  • 1 file changed
  • 0 commit comments
  • 1 contributor
Showing with 72 additions and 0 deletions.
  1. +72 −0 templates/security/PMASA-2012-1
72 templates/security/PMASA-2012-1
View
@@ -0,0 +1,72 @@
+<!--! Template for security announcement -->
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+
+<py:def function="announcement_id">
+PMASA-2012-1
+</py:def>
+
+<py:def function="announcement_date">
+2012-02-20
+</py:def>
+
+<!--! Optional section, use only if something has been changed
+<py:def function="announcement_updated">
+2012-??-??
+</py:def>
+-->
+
+<py:def function="announcement_summary">
+XSS in replication setup.
+</py:def>
+
+
+<!--! If you need to avoid toplevel <p></p>, use this:
+<py:def function="announcement_description_fmt">
+-->
+<py:def function="announcement_description">
+It was possible to conduct XSS using crafted database name.
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be non critical.
+</py:def>
+
+<py:def function="announcement_mitigation">
+The victim would have to willingly click on database name which clearly shows
+possible XSS.
+</py:def>
+
+<py:def function="announcement_affected">
+Versions 3.4.x are affected.
+</py:def>
+
+<!--! Optional section
+<py:def function="announcement_unaffected">
+</py:def>
+-->
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.4.10.1 or newer or apply patch listed below.
+</py:def>
+
+<!--! Links to reporter etc, do not forget to escape & to &amp; -->
+<py:def function="announcement_references">
+Thanks to Jakub Gałczyk (<a href="http://hauntit.blogspot.com">http://hauntit.blogspot.com</a>) for reporting this issue.
+</py:def>
+
+<!--! CVE ID of the report, this is automatically added to references -->
+<py:def function="announcement_cve">CVE-2012-1190</py:def>
+
+<!--! CWE IDs of the problem, CWE provides categorisation of the problems,
+661 is "Weaknesses in Software Written in PHP"
+See http://nvd.nist.gov/cwe.cfm for more information
+-->
+<py:def function="announcement_cwe">661 79</py:def>
+
+<py:def function="announcement_commits">
+86073d532aed656550cb731aa5b4288b126ae7a6
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>

No commit comments for this range

Something went wrong with that request. Please try again.