CVE-2014-5273 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting7 documents5 sources

Severity

3.5LOWNVD

EPSS

0.4%

top 40.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedAug 22

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.2.7.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.2.7.1-1+3

▶NVDphpmyadmin/phpmyadmin39 versions+38

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qjm2-f85j-5793: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4↗2022-05-17

▶

OSV

CVE-2014-5273: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4↗2014-08-22

▶

📋Vendor Advisories

Debian

CVE-2014-5273: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4...↗2014

▶

💬Community

Bugzilla

CVE-2014-5274 CVE-2014-5273 phpMyAdmin: various flaws [fedora-all]↗2014-08-18

▶

Bugzilla

CVE-2014-5274 CVE-2014-5273 phpMyAdmin: various flaws [epel-7]↗2014-08-18

▶

Bugzilla

CVE-2014-5273 phpMyAdmin: multiple cross-site scripting issues (PMASA-2014-8)↗2014-08-18

▶