CVE-2013-5001

Published: 31 July 2013

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.

Priority

Status

Package	Release	Status
phpmyadmin Launchpad, Ubuntu, Debian	lucid	Not vulnerable
	precise	Not vulnerable
	quantal	Not vulnerable
	raring	Not vulnerable (4:3.5.8.1-1)
	saucy	Not vulnerable (4:4.0.6-1)
	trusty	Not vulnerable
	upstream	Released (4:4.0.4.2-1)

References

http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
https://www.cve.org/CVERecord?id=CVE-2013-5001
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.