CVE-2011-3598

Published: 8 October 2011

Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

Priority

Status

Package	Release	Status
phppgadmin Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	maverick	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Not vulnerable (5.0.3-1)
	precise	Not vulnerable (5.0.3-1)
	quantal	Not vulnerable (5.0.4-1)
	raring	Not vulnerable (5.0.4-1)
	saucy	Not vulnerable (5.0.4-1)
	upstream	Released (5.0.3)
	Patches: upstream: https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842

References

https://secunia.com/advisories/46248/
https://www.cve.org/CVERecord?id=CVE-2011-3598
NVD
Launchpad
Debian

Bugs

https://bugs.gentoo.org/show_bug.cgi?id=385505
https://bugzilla.redhat.com/show_bug.cgi?id=743205

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›