CVE-2013-5002

描述

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.

受影響套件(2)

• Debian/phpmyadminfrom 0, < 4:4.0.4.2-1
• Packagist/phpmyadmin/phpmyadmin>= 3.5, < 3.5.8.2

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-5002
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-5002
• WEBhttp://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php