Launchpad.net

CVE 2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

Related bugs and status

CVE-2010-4480 (Candidate) is related to these bugs:

Bug #696857: Fix CVE-2010-4480 and CVE-2010-4481

		In	Importance	Status
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu)	Low	Fix Released
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu Maverick)	Low	Fix Released
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu Natty)	Low	Fix Released
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu Karmic)	Undecided	Won't Fix
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu Lucid)	Undecided	Fix Released

Bug #913846: CVE-2010-4480

Summary				In	Importance	Status
	913846	CVE-2010-4480		phpmyadmin (Ubuntu)	Undecided	Fix Released
	913846	CVE-2010-4480		phpmyadmin (Ubuntu Lucid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

EXPLOIT-DB: 15699
VUPEN: ADV-2010-3133
SECUNIA: 42485
CONFIRM: http://www.phpmyadmin....
DEBIAN: DSA-2139
MANDRIVA: MDVSA-2011:000
BID: 45633
SECUNIA: 42725
VUPEN: ADV-2011-0001
VUPEN: ADV-2011-0027