CVSS: 3.5EPSS: 0%CPEs: 38EXPL: 0CVE-2014-4986
https://notcve.org/view.php?id=CVE-2014-4986
Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. Múltiples vulnerabilidades de XSS en js/functions.js en phpMyAdmin 4.0.x anterior a 4.0.10.1, 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de (1) un nombre de tabla manipulado o (2) un nombre de columna manipulado que no se maneja debidamente durante la construcción de un mensaje de confirmación AJAX. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html http://secunia.com/advisories/60397 http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php http://www.securityfocus.com/bid/68803 https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d https://security.gentoo.org/glsa/201505-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 150EXPL: 0CVE-2014-1879
https://notcve.org/view.php?id=CVE-2014-1879
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Vulnerabilidad de XSS en import.php en phpMyAdmin anterior a 4.1.7 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de un nombre de archivo manipulado en una acción import. • http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html http://secunia.com/advisories/59832 http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php http://www.securityfocus.com/bid/65717 https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 3CVE-2013-5029
https://notcve.org/view.php?id=CVE-2013-5029
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. phpMyAdmin 3.5.x y 4.0.x anterior a 4.0.5, permite a atacantes remotos evitar la protección frente al clickjacking a través de determinados vectores relacionados con Header.class.php. • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html http://secunia.com/advisories/54488 http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7 https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4998
https://notcve.org/view.php?id=CVE-2013-4998
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a atacantes remotos obtener información sensible a través de una petición inválida, que revela la ruta de instalación en un mensaje de error. Relacionado con pmd_common.php y otros archivos. • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4999
https://notcve.org/view.php?id=CVE-2013-4999
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. phpMyAdmin 4.0.x anterior a 4.0.4.2, permite a atacantes remotos obtener información sensible a través de una petición inválida, que revela la ruta de instalación en un mensaje de error. Relacionado con Error.class.php y Error_Handler.class.php. • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •