CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2014-4986 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4986
20 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. Múltiples vulnerabilidades de XSS en js/functions.js en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permiten a us... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2014-4987 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4987
20 Jul 2014 — server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. server_user_groups.php en phpMyAdmin 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados evadir las restricciones de acceso y leer la lista de usuarios de MySQL a través de una solicitud viewUsers. Multiple vulnerabilities has been discovered and corrected in phpm... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2014-4955 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4955
20 Jul 2014 — Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Vulnerabilidad de XSS en la función PMA_TRI_getRowForList en libraries/rte/rte_list.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 2CVE-2014-4348 – Mandriva Linux Security Advisory 2014-126
https://notcve.org/view.php?id=CVE-2014-4348
25 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.2.x anterior a 4.2.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre manipulado de (1) base de d... • http://phpmyadmin.net/home_page/security/PMASA-2014-2.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 2CVE-2014-4349 – Mandriva Linux Security Advisory 2014-126
https://notcve.org/view.php?id=CVE-2014-4349
25 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.1.x anterior a 4.1.14.1 y 4.2.x anterior a 4.2.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de tabla manipulado q... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 150EXPL: 0CVE-2014-1879 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2014-1879
20 Feb 2014 — Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Vulnerabilidad de XSS en import.php en phpMyAdmin anterior a 4.1.7 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de un nombre de archivo manipulado en una acción import. Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticat... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 3CVE-2013-5029 – Gentoo Linux Security Advisory 201311-02
https://notcve.org/view.php?id=CVE-2013-5029
19 Aug 2013 — phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. phpMyAdmin 3.5.x y 4.0.x anterior a 4.0.5, permite a atacantes remotos evitar la protección frente al clickjacking a través de determinados vectores relacionados con Header.class.php. Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. Ve... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4995 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2013-4995
30 Jul 2013 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information. Vulnerabilidad XSS en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de una petición SQL que no está manejada adecuadamen... • http://secunia.com/advisories/59832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4996 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2013-4996
30 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file. Múltiples vulnerabilidades de XSS en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a atacantes r... • http://secunia.com/advisories/59832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-4997 – Gentoo Linux Security Advisory 201311-02
https://notcve.org/view.php?id=CVE-2013-4997
30 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value. Múltiples vulnerabilidades de XSS en phpMyAdmin 3.5.x anterior a 3.5.8.2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de vectores que involucran un evento JavaScript en (1) un identi... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •