phpMyAdmin / Bugs / #4492 (ok 4.2.6) XSS in AJAX confirmation messages

#4492 (ok 4.2.6) XSS in AJAX confirmation messages

Milestone: 4.0.10

Status: fixed

Owner: Marc Delisle

Labels: None

Priority: 1

Updated: 2014-07-17

Created: 2014-07-16

Creator: Marc Delisle

Private: No

As reported by Madhura Jayaratne. Happens when having an IMG tag in a table name or column name.

"Try dropping the column from
table structure and try dropping or truncating the table from table
operations page. In both cases AJAX confirmation pop up causes XSSes."

Discussion

Marc Delisle - 2014-07-17

summary: XSS in AJAX confirmation messages --> (ok 4.2.6) XSS in AJAX confirmation messages

status: open --> fixed

private: Yes --> No

Priority: 5 --> 1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

(ok 4.2.6) XSS in AJAX confirmation messages

A software tool to bring MySQL to the Web

Group

Searches

Help

#4492 (ok 4.2.6) XSS in AJAX confirmation messages

Discussion