CVE-2014-4348
phpMyAdmin 4.2.x < 4.2.4 - Authenticated Cross-Site Scripting via Database or Table Name
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.
References (4)
Core References
Exploit, Patch x_refsource_confirm
https://github.com/phpmyadmin/phpmyadmin/commit/d18a2dd9faad7e0e96df799b59e16ef587afb838
Patch, Vendor Advisory x_refsource_confirm
http://phpmyadmin.net/home_page/security/PMASA-2014-2.php
Exploit, Patch x_refsource_confirm
https://github.com/phpmyadmin/phpmyadmin/commit/cb7c703c03f656debcea2a16468bd53660fc888e
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68201
Scores
EPSS: 0.0018
EPSS Percentile: 39.5%
Details
CWE: CWE-79
Status: published
Products (4)
phpmyadmin/phpmyadmin 4.2.0
phpmyadmin/phpmyadmin 4.2.1
phpmyadmin/phpmyadmin 4.2.2
phpmyadmin/phpmyadmin 4.2.3
Published: Jun 25, 2014
Tracked Since: Feb 18, 2026