Arch Linux Security Advisory ASA-201510-23
==========================================

Severity: Low
Date    : 2015-10-30
CVE-ID  : CVE-2015-7873
Package : phpmyadmin
Type    : content spoofing
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package phpmyadmin before version 4.5.1-1 is vulnerable to content
spoofing.

Resolution
==========

Upgrade to 4.5.1-1.

# pacman -Syu "phpmyadmin>=4.5.1-1"

The problem has been fixed upstream in version 4.5.1.

Workaround
==========

None.

Description
===========

This vulnerability allows an attacker to perform a content spoofing
attack using phpMyAdmin's redirection mechanism to external sites.

This vulnerability is not considered to be critical since the spoofed
content is escaped and no HTML injection is possible.

Impact
======

A remote attacker is able to perform content spoofing using the
redirection mechanism to external sites.

References
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873
https://www.phpmyadmin.net/security/PMASA-2015-5/