
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Feb 2018 — Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configu... • http://www.securityfocus.com/bid/103099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.6 | EPSS: 0% | CPEs: 36 | EXPL: 0

31 Jan 2017 — The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. • http://www.securityfocus.com/bid/95914 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

05 Jul 2016 — phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. Multi... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.4 | EPSS: 0% | CPEs: 150 | EXPL: 0

20 Feb 2014 — Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. • http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 8% | CPEs: 12 | EXPL: 3

16 Apr 2013 — Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable." ** DISPUTED ** • https://www.exploit-db.com/exploits/38440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 21 | EXPL: 0

21 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. • http://www.mandriva.com/security/advisories?name=MDVSA-2012:136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 15 | EXPL: 1

03 May 2012 — Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079435.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 15 | EXPL: 0

06 Apr 2012 — show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079435.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 | EPSS: 0% | CPEs: 11 | EXPL: 0

22 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 11 | EXPL: 0

22 Dec 2011 — Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')