[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-5273Date: (C)2014-08-22   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-60397
http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614
https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821
https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb
https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb
https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c
openSUSE-SU-2014:1069

CPE    39
cpe:/a:phpmyadmin:phpmyadmin:4.0.0
cpe:/a:phpmyadmin:phpmyadmin:4.0.1
cpe:/a:phpmyadmin:phpmyadmin:4.1.0
cpe:/a:phpmyadmin:phpmyadmin:4.0.4
...
CWE    1
CWE-79
OVAL    2
oval:org.secpod.oval:def:107432
oval:org.secpod.oval:def:107373

© SecPod Technologies