CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2014-4955 – Mandriva Linux Security Advisory 2014-143
https://notcve.org/view.php?id=CVE-2014-4955
20 Jul 2014 — Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Vulnerabilidad de XSS en la función PMA_TRI_getRowForList en libraries/rte/rte_list.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 2CVE-2014-4348 – Mandriva Linux Security Advisory 2014-126
https://notcve.org/view.php?id=CVE-2014-4348
25 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.2.x anterior a 4.2.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre manipulado de (1) base de d... • http://phpmyadmin.net/home_page/security/PMASA-2014-2.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 2CVE-2014-4349 – Mandriva Linux Security Advisory 2014-126
https://notcve.org/view.php?id=CVE-2014-4349
25 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.1.x anterior a 4.1.14.1 y 4.2.x anterior a 4.2.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de tabla manipulado q... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 150EXPL: 0CVE-2014-1879 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2014-1879
20 Feb 2014 — Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Vulnerabilidad de XSS en import.php en phpMyAdmin anterior a 4.1.7 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de un nombre de archivo manipulado en una acción import. Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticat... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 3CVE-2013-5029 – Gentoo Linux Security Advisory 201311-02
https://notcve.org/view.php?id=CVE-2013-5029
19 Aug 2013 — phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. phpMyAdmin 3.5.x y 4.0.x anterior a 4.0.5, permite a atacantes remotos evitar la protección frente al clickjacking a través de determinados vectores relacionados con Header.class.php. Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. Ve... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4995 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2013-4995
30 Jul 2013 — Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information. Vulnerabilidad XSS en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de una petición SQL que no está manejada adecuadamen... • http://secunia.com/advisories/59832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4996 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2013-4996
30 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file. Múltiples vulnerabilidades de XSS en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a atacantes r... • http://secunia.com/advisories/59832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4998 – Mandriva Linux Security Advisory 2013-203
https://notcve.org/view.php?id=CVE-2013-4998
30 Jul 2013 — phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a atacantes remotos obtener información sensible a través de una petición inválida, que revela la ruta de instalación en un mensaje de error. Relacionado con pmd_common.php y otros archivos. Multiple vul... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4999 – Gentoo Linux Security Advisory 201311-02
https://notcve.org/view.php?id=CVE-2013-4999
30 Jul 2013 — phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. phpMyAdmin 4.0.x anterior a 4.0.4.2, permite a atacantes remotos obtener información sensible a través de una petición inválida, que revela la ruta de instalación en un mensaje de error. Relacionado con Error.class.php y Error_Handler.class.php. Multiple vulnerabilities have been found ... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2013-5001 – Gentoo Linux Security Advisory 201311-02
https://notcve.org/view.php?id=CVE-2013-5001
30 Jul 2013 — Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. Vulnerabilidad XSS enlibraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php en phpMyAdmin 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente inyectar s... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •