Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-1150

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.

Related bugs and status

CVE-2009-1150 (Candidate) is related to these bugs:

Bug #306699: please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable

Summary				In	Importance	Status
	306699	please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable		phpmyadmin (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
SECUNIA: 34430
SUSE: SUSE-SR:2009:008
SECUNIA: 34642
MANDRIVA: MDVSA-2009:115
DEBIAN: DSA-1824
BID: 34251
SECUNIA: 35585
GENTOO: GLSA-200906-03
SECUNIA: 35635
CONFIRM: http://phpmyadmin.svn....