ArchLinux: 201510-23: phpmyadmin: content spoofing
Summary
This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. This vulnerability is not considered to be critical since the spoofed content is escaped and no HTML injection is possible.
Resolution
Upgrade to 4.5.1-1.
# pacman -Syu "phpmyadmin>=4.5.1-1"
The problem has been fixed upstream in version 4.5.1.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873 https://www.phpmyadmin.net/security/PMASA-2015-5/
Workaround
None.