Launchpad.net

CVE 2010-4329

Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

Related bugs and status

CVE-2010-4329 (Candidate) is related to these bugs:

Bug #667172: No icon for phpmyadmin

Summary				In	Importance	Status
	667172	No icon for phpmyadmin		phpmyadmin (Ubuntu)	Undecided	Fix Released

Bug #684865: Sync phpmyadmin 4:3.3.7-2 (universe) from Debian sid (main)

Summary				In	Importance	Status
	684865	Sync phpmyadmin 4:3.3.7-2 (universe) from Debian sid (main)		phpmyadmin (Ubuntu)	Wishlist	Invalid
	684865	Sync phpmyadmin 4:3.3.7-2 (universe) from Debian sid (main)		phpmyadmin (Ubuntu Maverick)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://phpmyadmin.git....
CONFIRM: http://phpmyadmin.git....
CONFIRM: http://www.phpmyadmin....
BID: 45100
OSVDB: 69516
SECUNIA: 42408
VUPEN: ADV-2010-3082
MANDRIVA: MDVSA-2010:244
VUPEN: ADV-2010-3087
FEDORA: FEDORA-2010-18343
FEDORA: FEDORA-2010-18371
SECUNIA: 42477
VUPEN: ADV-2010-3158
DEBIAN: DSA-2139
SECUNIA: 42725
VUPEN: ADV-2011-0001