FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Self-XSS due to unescaped HTML output in import.

Affected packages
3.3.1 <= phpMyAdmin < 4.1.7

Details

VuXML ID 0871d18b-9638-11e3-a371-6805ca0b3d42
Discovery 2014-02-15
Entry 2014-02-15

The phpMyAdmin development team reports:

When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical.

References

CVE Name CVE-2014-1879
URL http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php