CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2014-4986 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4986
20 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. Múltiples vulnerabilidades de XSS en js/functions.js en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permiten a us... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2014-4987 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4987
20 Jul 2014 — server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. server_user_groups.php en phpMyAdmin 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados evadir las restricciones de acceso y leer la lista de usuarios de MySQL a través de una solicitud viewUsers. Multiple vulnerabilities has been discovered and corrected in phpm... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 2CVE-2014-4349 – Mandriva Linux Security Advisory 2014-126
https://notcve.org/view.php?id=CVE-2014-4349
25 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.1.x anterior a 4.1.14.1 y 4.2.x anterior a 4.2.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de tabla manipulado q... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •