CVE-2014-5273

Phpmyadmin - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

References (8)

[Mailing List] http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html

[Third Party Advisory] http://secunia.com/advisories/60397

[Vendor Advisory] http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php

[Exploit, Patch] https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614

[Exploit, Patch] https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821

[Exploit, Patch] https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb

[Exploit, Patch] https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb

[Exploit, Patch] https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c

Scores

EPSS 0.0038

EPSS Percentile 59.3%

Details

CWE

CWE-79

Status published

Products (42)

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

... and 32 more

Published Aug 22, 2014

Tracked Since Feb 18, 2026