CVE-2008-4326

Publication date 30 September 2008

Last updated 24 July 2024


Ubuntu priority

The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.

Status

Package Ubuntu Release Status
phpmyadmin 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Fixed 4:2.11.8.1-1ubuntu0.1
8.04 LTS hardy
Fixed 4:2.11.3-1ubuntu1.2
7.10 gutsy Ignored end of life, was needs-triage
7.04 feisty Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
phpmyadmin