CVE-2014-8960 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting7 documents5 sources

Severity

3.5LOWNVD

EPSS

0.3%

top 47.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedNov 30

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.2.12-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.2.12-1+3

▶NVDphpmyadmin/phpmyadmin35 versions+34

🔴Vulnerability Details

GHSA

GHSA-mj57-whgp-4577: Cross-site scripting (XSS) vulnerability in libraries/error_report↗2022-05-17

▶

OSV

CVE-2014-8960: Cross-site scripting (XSS) vulnerability in libraries/error_report↗2014-11-30

▶

📋Vendor Advisories

Debian

CVE-2014-8960: phpmyadmin - Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in th...↗2014

▶

💬Community

Bugzilla

CVE-2014-8960 phpMyAdmin: XSS vulnerability in error reporting functionality (PMASA-2014-15) [epel-7]↗2014-11-21

▶

Bugzilla

CVE-2014-8960 phpMyAdmin: XSS vulnerability in error reporting functionality (PMASA-2014-15) [fedora-all]↗2014-11-21

▶

Bugzilla

CVE-2014-8960 phpMyAdmin: XSS vulnerability in error reporting functionality (PMASA-2014-15)↗2014-11-21

▶