Page 18 of 87 results (0.005 seconds)

CVSS: 3.5EPSS: 0%CPEs: 55EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.5, 4.1.x anterior a 4.1.14.6, y 4.2.x anterior a 4.2.10.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre manipulado de (1) base de datos o (2) tabla, relacionado con el código libraries/DatabaseInterface.class.php para las salidas de purificación de SQL y el código js/server_status_monitor.js para la página del monitor de servidores. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php http://www.securityfocus.com/bid/70731 https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 43EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. Múltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x anterior a 4.0.10.4, 4.1.x anterior a 4.1.14.5, y 4.2.x anterior a 4.2.9.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor ENUM manipulado que se maneja indebidamente durante la renderización de la página de (1) búsqueda de tablas o (2) estructura de tablas, relacionado con libraries/TableSearch.class.php y libraries/Util.class.php. • http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html http://secunia.com/advisories/61777 http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php http://www.securityfocus.com/bid/70252 https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448 https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •