On Sun, 2016-06-26 at 23:47 +0200, Ola Lundqvist wrote:
> Hi LTS team
>
> I have done some analysis of the issues for phpmyadmin.
>
> It would be good to know what your opinion about XSS issues for admin
> software like phpmyadmin is. I do not see how that can be very important. I
> mean you know the URL and do not really use external links for accessing it.
> Or does anyone have another opinion?
[...]

So long as Javascript is enabled, there are many ways for a rogue site
to generate HTTP requests to another site, and to obscure where a link
really leads. Not many DBAs are going to turn Javascript off *and*
check every link target before following it.

However, I think XSS issues are generally treated as not meriting a
DSA/DLA by themselves.

Ben.

-- 
Ben Hutchings
Humour is the best antidote to reality.