
XSS attack in database search.

Description

## PMASA-2010-8

**Announcement-ID:** PMASA-2010-8

**Date:** 2010-11-29

### Summary

XSS attack in database search.

### Description

It was possible to conduct an XSS attack using a spoofed request on the db search script.

### Severity

We consider this vulnerability to be non-critical.

### Affected Versions

For 3.x: versions before 3.3.8.1 are affected.

For 2.11.x: versions before 2.11.11.1 are affected.

### Solution

Upgrade to phpMyAdmin 3.3.8.1 or newer, or 2.11.11.1 if using the 2.11.x family. You can also apply the patch listed below.

### References

Thanks to Alexander Opitz for reporting this issue.

Assigned CVE ids: [CVE-2010-4329](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4329>)

CWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)

### Patches

The following commits have been made to fix this issue:

* [4341818d73d454451f024950a4ce0141608ac7f8](<https://github.com/phpmyadmin/phpmyadmin/commit/4341818d73d454451f024950a4ce0141608ac7f8>)

The following commits have been made on the 2.11 branch to fix this issue:

* [e1f4901ffc400b6d2df15eac0ba5015fe48a27c4](<https://github.com/phpmyadmin/phpmyadmin/commit/e1f4901ffc400b6d2df15eac0ba5015fe48a27c4>)

### More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is [phpmyadmin.net](<https://www.phpmyadmin.net/>).


Affected Software


CPE Name Name Version
phpmyadmin 2.11.11.1
phpmyadmin 3.3.8.1
