CVE-2014-4986 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

3.5LOWNVD

EPSS

0.3%

top 43.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJul 20

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.2.6-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.0.0 — 4.0.10.1+2

▶Debianphpmyadmin/phpmyadmin< 4:4.2.6-1+3

▶NVDphpmyadmin/phpmyadmin36 versions+35

🔴Vulnerability Details

GHSA

phpMyAdmin cross-site scripting Vulnerability in Table or Column Names↗2022-05-17

▶

OSV

phpMyAdmin cross-site scripting Vulnerability in Table or Column Names↗2022-05-17

▶

OSV

CVE-2014-4986: Multiple cross-site scripting (XSS) vulnerabilities in js/functions↗2014-07-20

▶

📋Vendor Advisories

Debian

CVE-2014-4986: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyA...↗2014

▶

💬Community

Bugzilla

CVE-2014-4986 phpMyAdmin: Multiple XSS in AJAX confirmation messages (PMASA-2014-6)↗2014-07-23

▶