CVE-2014-4349 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting9 documents6 sources

Severity

3.5LOWNVD

EPSS

0.4%

top 42.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJun 25

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.2.5-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.2.5-1+3

▶NVDphpmyadmin/phpmyadmin19 versions+18

Patches

Patch: phpmyadmin.net ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-47r4-gvw9-7fw7: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4↗2022-05-17

▶

OSV

CVE-2014-4349: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4↗2014-06-25

▶

📋Vendor Advisories

Red Hat

phpMyAdmin: Self-XSS due to unescaped HTML output in navigation items hiding feature↗2014-06-20

▶

Debian

CVE-2014-4349: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4...↗2014

▶

💬Community

Bugzilla

CVE-2014-4349 CVE-2014-4348 phpMyAdmin: various flaws [fedora-all]↗2014-07-09

▶

Bugzilla

CVE-2014-4349 CVE-2014-4348 phpMyAdmin: various flaws [epel-6]↗2014-07-09

▶

Bugzilla

CVE-2014-4349 CVE-2014-4348 phpMyAdmin: various flaws [epel-5]↗2014-07-09

▶

Bugzilla

CVE-2014-4349 phpMyAdmin: Self-XSS due to unescaped HTML output in navigation items hiding feature↗2014-07-09

▶