CVE-2018-7260 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Cross-site scripting
Description	Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-630	phpmyadmin	4.7.7-1	4.7.8-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
23 Feb 2018	ASA-201802-11	AVG-630	phpmyadmin	Medium	cross-site scripting

References
https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin/ https://www.phpmyadmin.net/security/PMASA-2018-1/ https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3e8745e8845633ae8a0054b5ee4d8babd5

References

https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin/
https://www.phpmyadmin.net/security/PMASA-2018-1/
https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3e8745e8845633ae8a0054b5ee4d8babd5