Page 18 of 90 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. Vulnerabilidad de XSS en la implementación micro history en phpMyAdmin 4.0.x anterior a 4.0.10.3, 4.1.x anterior a 4.1.14.4, y 4.2.x anterior a 4.2.8.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios , y como consecuencia realizar un ataque de CSRF para crear una cuenta root, a través de una URL manipulada, relacionado con js/ajax.js. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php http://www.securityfocus.com/bid/69790 https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac https://security.gentoo.org/glsa/201505-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 41EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.2, 4.1.x anterior a 4.1.14.3, y 4.2.x anterior a 4.2.7.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) la página de las tablas de navegación, relacionado con js/sql.js; (2) la página del editor ENUM, relacionado con js/functions.js; (3) la página de monitorización, relacionado con js/server_status_monitor.js; (4) la página de la consulta de gráficos, relacionado con js/tbl_chart.js; o (5) la página de las relaciones de tablas, relacionado con libraries/tbl_relation.lib.php. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html http://secunia.com/advisories/60397 http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614 https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821 https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb https://github.com/phpmyadmin/phpmyadmin&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 38EXPL: 0

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Vulnerabilidad de XSS en la función PMA_TRI_getRowForList en libraries/rte/rte_list.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de disparador (trigger) manipulado que se maneja indebidamente en la página de disparadores (triggers) de la base de datos. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html http://secunia.com/advisories/60397 http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php http://www.securityfocus.com/bid/68799 https://github.com/phpmyadmin/phpmyadmin/commit/10014d4dc596b9e3a491bf04f3e708cf1887d5e1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 38EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. Múltiples vulnerabilidades de XSS en js/functions.js en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de (1) un nombre de tabla manipulado o (2) un nombre de columna manipulado que no se maneja debidamente durante la construcción de un mensaje de confirmación AJAX. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html http://secunia.com/advisories/60397 http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php http://www.securityfocus.com/bid/68803 https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d https://security.gentoo.org/glsa/201505-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 150EXPL: 0

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Vulnerabilidad de XSS en import.php en phpMyAdmin anterior a 4.1.7 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de un nombre de archivo manipulado en una acción import. • http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html http://secunia.com/advisories/59832 http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php http://www.securityfocus.com/bid/65717 https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •