CVSS: 3.5EPSS: 0%CPEs: 43EXPL: 0CVE-2014-7217
https://notcve.org/view.php?id=CVE-2014-7217
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.4, 4.1.x anterior a 4.1.14.5, y 4.2.x anterior a 4.2.9.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor ENUM manipulado que se maneja indebidamente durante la renderización de la página de (1) búsqueda de tablas o (2) estructura de tablas, relacionado con libraries/TableSearch.class.php y libraries/Util.class.php. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html http://secunia.com/advisories/61777 http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php http://www.securityfocus.com/bid/70252 https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448 https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0CVE-2014-6300
https://notcve.org/view.php?id=CVE-2014-6300
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. Vulnerabilidad de XSS en la implementación micro history en phpMyAdmin 4.0.x anterior a 4.0.10.3, 4.1.x anterior a 4.1.14.4, y 4.2.x anterior a 4.2.8.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios , y como consecuencia realizar un ataque de CSRF para crear una cuenta root, a través de una URL manipulada, relacionado con js/ajax.js. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php http://www.securityfocus.com/bid/69790 https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac https://security.gentoo.org/glsa/201505-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 41EXPL: 5CVE-2014-5273
https://notcve.org/view.php?id=CVE-2014-5273
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.2, 4.1.x anterior a 4.1.14.3, y 4.2.x anterior a 4.2.7.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) la página de las tablas de navegación, relacionado con js/sql.js; (2) la página del editor ENUM, relacionado con js/functions.js; (3) la página de monitorización, relacionado con js/server_status_monitor.js; (4) la página de la consulta de gráficos, relacionado con js/tbl_chart.js; o (5) la página de las relaciones de tablas, relacionado con libraries/tbl_relation.lib.php. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html http://secunia.com/advisories/60397 http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614 https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821 https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb https://github.com/phpmyadmin/phpmyadmin&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 27EXPL: 1CVE-2014-5274
https://notcve.org/view.php?id=CVE-2014-5274
Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. Vulnerabilidad de XSS en la página de visualización de operaciones en phpMyAdmin 4.1.x anterior a 4.1.14.3 y 4.2.x anterior a 4.2.7.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de visualización manipulado, relacionado con js/functions.js. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html http://secunia.com/advisories/60397 http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 38EXPL: 0CVE-2014-4955
https://notcve.org/view.php?id=CVE-2014-4955
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Vulnerabilidad de XSS en la función PMA_TRI_getRowForList en libraries/rte/rte_list.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de disparador (trigger) manipulado que se maneja indebidamente en la página de disparadores (triggers) de la base de datos. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html http://secunia.com/advisories/60397 http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php http://www.securityfocus.com/bid/68799 https://github.com/phpmyadmin/phpmyadmin/commit/10014d4dc596b9e3a491bf04f3e708cf1887d5e1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •