CVE-2014-7217 — Cross-site Scripting in Phpmyadmin
Severity
3.5LOWNVD
EPSS
0.3%
top 43.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 3
Latest updateMay 17
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
1Debian▶
CVE-2014-7217: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4...↗2014
💬Community
6Bugzilla▶
CVE-2014-7217 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.4, 4.1.14.5, and 4.2.9.1 (PMASA-2014-11)↗2014-10-02
Bugzilla▶
CVE-2014-7217 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.4, 4.1.14.5, and 4.2.9.1 (PMASA-2014-11) [fedora-all]↗2014-10-02
Bugzilla▶
CVE-2014-7217 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.4, 4.1.14.5, and 4.2.9.1 (PMASA-2014-11) [epel-6]↗2014-10-02
Bugzilla▶
CVE-2014-7217 phpMyAdmin3: phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.4, 4.1.14.5, and 4.2.9.1 (PMASA-2014-11) [epel-5]↗2014-10-02
Bugzilla▶
CVE-2014-7217 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.4, 4.1.14.5, and 4.2.9.1 (PMASA-2014-11) [epel-5]↗2014-10-02