XSS on a Designer component
A logged-in user can be subject of cross site scripting attack via the pmd_pdf.php script.
We consider this vulnerability to be serious.
For 2.11.x: versions before 220.127.116.11.<br /> For 3.0.x: versions before 18.104.22.168.<br />
Upgrade to phpMyAdmin 22.214.171.124 or 126.96.36.199.
Assigned CVE ids: CVE-2008-4775
The following commits have been made to fix this issue:
The following commits have been made on the 2.11 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.