CVE-2014-4348 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting9 documents6 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 60.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJun 25

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.2.5-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.2.5-1+3

▶NVDphpmyadmin/phpmyadmin4 versions+3

Patches

Patch: phpmyadmin.net ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-r43q-435x-vmw7: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4↗2022-05-17

▶

OSV

CVE-2014-4348: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4↗2014-06-25

▶

📋Vendor Advisories

Red Hat

phpMyAdmin: Self-XSS due to unescaped HTML output in recent/favorite tables navigation↗2014-06-20

▶

Debian

CVE-2014-4348: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4...↗2014

▶

💬Community

Bugzilla

CVE-2014-4349 CVE-2014-4348 phpMyAdmin: various flaws [fedora-all]↗2014-07-09

▶

Bugzilla

CVE-2014-4349 CVE-2014-4348 phpMyAdmin: various flaws [epel-6]↗2014-07-09

▶

Bugzilla

CVE-2014-4348 phpMyAdmin: Self-XSS due to unescaped HTML output in recent/favorite tables navigation↗2014-07-09

▶

Bugzilla

CVE-2014-4349 CVE-2014-4348 phpMyAdmin: various flaws [epel-5]↗2014-07-09

▶