CVE-2014-8326
https://notcve.org/view.php?id=CVE-2014-8326
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php
• http://www.securityfocus.com/bid/70731
• https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c
• https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7217
https://notcve.org/view.php?id=CVE-2014-7217
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.
• http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html
• http://secunia.com/advisories/61777
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
• http://www.securityfocus.com/bid/70252
• https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448
• https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-6300
https://notcve.org/view.php?id=CVE-2014-6300
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
• http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
• http://www.securityfocus.com/bid/69790
• https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac
• https://security.gentoo.org/glsa/201505-03
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')