3.5
CVE-2014-5273
- EPSS 1.71%
- Veröffentlicht 22.08.2014 01:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version4.0.0
Phpmyadmin ≫ Phpmyadmin Version4.0.0 Updaterc2
Phpmyadmin ≫ Phpmyadmin Version4.0.0 Updaterc3
Phpmyadmin ≫ Phpmyadmin Version4.0.1
Phpmyadmin ≫ Phpmyadmin Version4.0.2
Phpmyadmin ≫ Phpmyadmin Version4.0.3
Phpmyadmin ≫ Phpmyadmin Version4.0.4
Phpmyadmin ≫ Phpmyadmin Version4.0.4.1
Phpmyadmin ≫ Phpmyadmin Version4.0.4.2
Phpmyadmin ≫ Phpmyadmin Version4.0.5
Phpmyadmin ≫ Phpmyadmin Version4.0.6
Phpmyadmin ≫ Phpmyadmin Version4.0.7
Phpmyadmin ≫ Phpmyadmin Version4.0.8
Phpmyadmin ≫ Phpmyadmin Version4.0.9
Phpmyadmin ≫ Phpmyadmin Version4.0.10
Phpmyadmin ≫ Phpmyadmin Version4.0.10.1
Phpmyadmin ≫ Phpmyadmin Version4.1.0
Phpmyadmin ≫ Phpmyadmin Version4.1.1
Phpmyadmin ≫ Phpmyadmin Version4.1.2
Phpmyadmin ≫ Phpmyadmin Version4.1.3
Phpmyadmin ≫ Phpmyadmin Version4.1.4
Phpmyadmin ≫ Phpmyadmin Version4.1.5
Phpmyadmin ≫ Phpmyadmin Version4.1.6
Phpmyadmin ≫ Phpmyadmin Version4.1.7
Phpmyadmin ≫ Phpmyadmin Version4.1.8
Phpmyadmin ≫ Phpmyadmin Version4.1.9
Phpmyadmin ≫ Phpmyadmin Version4.1.10
Phpmyadmin ≫ Phpmyadmin Version4.1.11
Phpmyadmin ≫ Phpmyadmin Version4.1.12
Phpmyadmin ≫ Phpmyadmin Version4.1.13
Phpmyadmin ≫ Phpmyadmin Version4.1.14
Phpmyadmin ≫ Phpmyadmin Version4.1.14.1
Phpmyadmin ≫ Phpmyadmin Version4.1.14.2
Phpmyadmin ≫ Phpmyadmin Version4.2.0
Phpmyadmin ≫ Phpmyadmin Version4.2.1
Phpmyadmin ≫ Phpmyadmin Version4.2.2
Phpmyadmin ≫ Phpmyadmin Version4.2.3
Phpmyadmin ≫ Phpmyadmin Version4.2.4
Phpmyadmin ≫ Phpmyadmin Version4.2.5
Phpmyadmin ≫ Phpmyadmin Version4.2.6
Phpmyadmin ≫ Phpmyadmin Version4.2.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.71% | 0.743 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
http://secunia.com/advisories/60397
http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614
https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821
https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb
https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb
https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c