CVE-2014-8326 — Cross-site Scripting in Phpmyadmin
Severity
3.5LOWNVD
EPSS
0.3%
top 49.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 5
Latest updateMay 14
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9
Affected Packages5 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
1Debian▶
CVE-2014-8326: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4...↗2014
💬Community
6Bugzilla▶
CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)↗2014-10-22
Bugzilla▶
CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [epel-6]↗2014-10-22
Bugzilla▶
CVE-2014-8326 phpMyAdmin4: phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [epel-5]↗2014-10-22
Bugzilla▶
CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [epel-7]↗2014-10-22
Bugzilla▶
CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [fedora-all]↗2014-10-22