CVE-2014-5273

phpMyAdmin 4.0.x < 4.0.10.2, 4.1.x < 4.1.14.3, 4.2.x < 4.2.7.1 - Authenticated Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

References (8)

Core 8
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60397

Scores

EPSS 0.0038
EPSS Percentile 59.7%

Details

CWE
CWE-79
Status published
Products (39)
phpmyadmin/phpmyadmin 4.0.0 (3 CPE variants)
phpmyadmin/phpmyadmin 4.0.1
phpmyadmin/phpmyadmin 4.0.2
phpmyadmin/phpmyadmin 4.0.3
phpmyadmin/phpmyadmin 4.0.4
phpmyadmin/phpmyadmin 4.0.4.1
phpmyadmin/phpmyadmin 4.0.4.2
phpmyadmin/phpmyadmin 4.0.5
phpmyadmin/phpmyadmin 4.0.6
phpmyadmin/phpmyadmin 4.0.7
... and 29 more
Published Aug 22, 2014
Tracked Since Feb 18, 2026