Nytro Posted December 22, 2011 Report Posted December 22, 2011 [h=1]phpMyAdmin 3.4.9 fixes XSS vulnerabilities[/h]22 December 2011, 12:10Version 3.4.9 of phpMyAdmin has been released, closing two security holes in the open source database administration tool. The update fixes vulnerabilities in the phpMyAdmin setup interface and the export panels in the server, database and table sections that could be exploited for cross-site scripting (XSS) attacks. All 3.4.x versions up to and including 3.4.8 are affected – upgrading to 3.4.9 corrects the issues. Alternatively, patches are provided. The new release also fixes nine other bugs related to navigation, the user interface and the edit functionality. A full list of changes can be found in the release notes and in the project's security advisories. Version 3.4.9 of phpMyAdmin is available to download from the project's site. Hosted on SourceForge, phpMyAdmin source code is licensed under the GPLv2. See also:XSS in export, a phpMyAdmin security advisory.XSS in setup, a phpMyAdmin security advisory. (crve)Sursa: phpMyAdmin 3.4.9 fixes XSS vulnerabilities - The H Open Source: News and Features Quote
