CVE-2014-6300: Cross-site Scripting in phpMyAdmin

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 49.23%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Nov 8
Latest update: May 14

Description

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (5 packages)

debian | debian/phpmyadmin | < phpmyadmin 4:4.2.8.1-1 (bookworm)
Packagist | phpmyadmin/phpmyadmin | 4.0.0, 4.0.10.3 | +2
Debian | phpmyadmin/phpmyadmin | < 4:4.2.8.1-1 | +3
NVD | phpmyadmin/phpmyadmin | 40 versions | +39
NVD | opensuse/opensuse | 12.3, 13.1 | +1

Patches

🔴 Vulnerability Details (3)

OSV: phpMyAdmin micro history Implementation XSS Vulnerability (2022-05-14)
GHSA: phpMyAdmin micro history Implementation XSS Vulnerability (2022-05-14)
OSV: CVE-2014-6300: Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4 (2014-11-08)

📋 Vendor Advisories (1)

Debian: CVE-2014-6300: phpmyadmin - Cross-site scripting (XSS) vulnerability in the micro history implementation in ... (2014)

💬 Community (4)

Bugzilla: CVE-2014-6300 phpMyAdmin3: phpMyAdmin: XSS flaw possibly leading to root account creation (PMASA-2014-10) [epel-5] (2014-09-15)
Bugzilla: CVE-2014-6300 phpMyAdmin: XSS flaw possibly leading to root account creation (PMASA-2014-10) (2014-09-15)
Bugzilla: CVE-2014-6300 phpMyAdmin: XSS flaw possibly leading to root account creation (PMASA-2014-10) [epel-all] (2014-09-15)
Bugzilla: CVE-2014-6300 phpMyAdmin: XSS flaw possibly leading to root account creation (PMASA-2014-10) [fedora-all] (2014-09-15)