CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4954 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4954
20 Jul 2014 — Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. Vulnerabilidad de XSS en la función PMA_getHtmlForActionLinks en libraries/structure.lib.php en phpMyAdmin 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados inyectar secuenci... • http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2014-4986 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4986
20 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. Múltiples vulnerabilidades de XSS en js/functions.js en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permiten a us... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2014-4987 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4987
20 Jul 2014 — server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. server_user_groups.php en phpMyAdmin 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados evadir las restricciones de acceso y leer la lista de usuarios de MySQL a través de una solicitud viewUsers. Multiple vulnerabilities has been discovered and corrected in phpm... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2014-4955 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4955
20 Jul 2014 — Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Vulnerabilidad de XSS en la función PMA_TRI_getRowForList en libraries/rte/rte_list.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 2CVE-2014-4348 – Mandriva Linux Security Advisory 2014-126
https://notcve.org/view.php?id=CVE-2014-4348
25 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.2.x anterior a 4.2.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre manipulado de (1) base de d... • http://phpmyadmin.net/home_page/security/PMASA-2014-2.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 2CVE-2014-4349 – Mandriva Linux Security Advisory 2014-126
https://notcve.org/view.php?id=CVE-2014-4349
25 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.1.x anterior a 4.1.14.1 y 4.2.x anterior a 4.2.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de tabla manipulado q... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •