Marc Delisle
-
2014-08-17
- private: Yes --> No
Menu
▾
▴
#4502 (ok 4.0.10.2) Self-XSS in enum value editor
Steps: In table structure page, add a new column, insert '' as column name, chose enum as column type and click on "Edit ENUM/SET values" link.
Affected versions: 4.0.x, 4.1.x, 4.2.x
Problematic line: function.js L2693 (in QA_4_2) "title = PMA_messages.enum_columnVals.replace(/%s/, '"' + decodeURIComponent(colname) + '"');
Discussion
-
Marc Delisle - 2014-08-17- summary: Self-XSS in enum value editor --> (ok 4.0.10.2) Self-XSS in enum value editor
- status: open --> fixed
- assigned_to: Madhura Jayaratne
- Priority: 5 --> 1
