3.5
CVE-2014-4348
- EPSS 1.52%
- Veröffentlicht 25.06.2014 11:19:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version4.2.0
Phpmyadmin ≫ Phpmyadmin Version4.2.1
Phpmyadmin ≫ Phpmyadmin Version4.2.2
Phpmyadmin ≫ Phpmyadmin Version4.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.52% | 0.713 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://phpmyadmin.net/home_page/security/PMASA-2014-2.php
http://www.securityfocus.com/bid/68201
https://github.com/phpmyadmin/phpmyadmin/commit/cb7c703c03f656debcea2a16468bd53660fc888e
https://github.com/phpmyadmin/phpmyadmin/commit/d18a2dd9faad7e0e96df799b59e16ef587afb838