phpMyAdmin: self-XSS due to unescaped HTML output (CVE-2014-4348 CVE-2014-4349)
Self-XSS due to unescaped HTML output in navigation items hiding feature.
Versions 4.1.x (prior to 126.96.36.199) and 4.2.x (prior to 4.2.4) are affected.
Self-XSS due to unescaped HTML output in recent/favorite tables navigation.
All versions since 4.2.0 and prior to 4.2.4 are affected.
(from redmine: issue id 3086, created on 2014-06-24, closed on 2014-06-26)
- Revision ecf6433d by Natanael Copa on 2014-06-25T16:43:49Z:
main/phpmyadmin: security upgrade to 4.2.4 (CVE-2014-4348,CVE-2014-4349) fixes #3086