3.5

CVE-2014-5273

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version4.0.0
PhpmyadminPhpmyadmin Version4.0.0 Updaterc2
PhpmyadminPhpmyadmin Version4.0.0 Updaterc3
PhpmyadminPhpmyadmin Version4.0.1
PhpmyadminPhpmyadmin Version4.0.2
PhpmyadminPhpmyadmin Version4.0.3
PhpmyadminPhpmyadmin Version4.0.4
PhpmyadminPhpmyadmin Version4.0.4.1
PhpmyadminPhpmyadmin Version4.0.4.2
PhpmyadminPhpmyadmin Version4.0.5
PhpmyadminPhpmyadmin Version4.0.6
PhpmyadminPhpmyadmin Version4.0.7
PhpmyadminPhpmyadmin Version4.0.8
PhpmyadminPhpmyadmin Version4.0.9
PhpmyadminPhpmyadmin Version4.0.10
PhpmyadminPhpmyadmin Version4.0.10.1
PhpmyadminPhpmyadmin Version4.1.0
PhpmyadminPhpmyadmin Version4.1.1
PhpmyadminPhpmyadmin Version4.1.2
PhpmyadminPhpmyadmin Version4.1.3
PhpmyadminPhpmyadmin Version4.1.4
PhpmyadminPhpmyadmin Version4.1.5
PhpmyadminPhpmyadmin Version4.1.6
PhpmyadminPhpmyadmin Version4.1.7
PhpmyadminPhpmyadmin Version4.1.8
PhpmyadminPhpmyadmin Version4.1.9
PhpmyadminPhpmyadmin Version4.1.10
PhpmyadminPhpmyadmin Version4.1.11
PhpmyadminPhpmyadmin Version4.1.12
PhpmyadminPhpmyadmin Version4.1.13
PhpmyadminPhpmyadmin Version4.1.14
PhpmyadminPhpmyadmin Version4.1.14.1
PhpmyadminPhpmyadmin Version4.1.14.2
PhpmyadminPhpmyadmin Version4.2.0
PhpmyadminPhpmyadmin Version4.2.1
PhpmyadminPhpmyadmin Version4.2.2
PhpmyadminPhpmyadmin Version4.2.3
PhpmyadminPhpmyadmin Version4.2.4
PhpmyadminPhpmyadmin Version4.2.5
PhpmyadminPhpmyadmin Version4.2.6
PhpmyadminPhpmyadmin Version4.2.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.71% 0.743
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
http://secunia.com/advisories/60397
http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
Vendor Advisory
https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614
Patch
Exploit
https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821
Patch
Exploit
https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb
Patch
Exploit
https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb
Patch
Exploit
https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c
Patch
Exploit