phpMyAdmin: self-XSS due to unescaped HTML output (CVE-2014-4348 CVE-2014-4349)
CVE-2014-4349:
Self-XSS due to unescaped HTML output in navigation items hiding
feature.
Affected Versions:
Versions 4.1.x (prior to 4.1.14.1) and 4.2.x (prior to 4.2.4) are
affected.
CONFIRM: http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php
CVE-2014-4348:
Self-XSS due to unescaped HTML output in recent/favorite tables
navigation.
Affected Versions:
All versions since 4.2.0 and prior to 4.2.4 are affected.
CONFIRM: http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php
(from redmine: issue id 3086, created on 2014-06-24, closed on 2014-06-26)
- Changesets:
- Revision ecf6433d by Natanael Copa on 2014-06-25T16:43:49Z:
main/phpmyadmin: security upgrade to 4.2.4 (CVE-2014-4348,CVE-2014-4349)
fixes #3086