CVE-2014-1879

phpMyAdmin <4.1.7 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.

References (5)

[Mailing List] http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html

[Third Party Advisory] http://secunia.com/advisories/59832

[Vendor Advisory] http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php

[Patch] https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65717

Scores

EPSS 0.0020

EPSS Percentile 42.2%

Details

CWE

CWE-79

Status published

Products (50)

phpmyadmin/phpmyadmin < 4.1.6

phpmyadmin/phpmyadmin

... and 40 more

Published Feb 20, 2014

Tracked Since Feb 18, 2026