CVE-2014-9219 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 36.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 8

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.2.12-2 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.2.12-2+3

▶NVDphpmyadmin/phpmyadmin18 versions+17

🔴Vulnerability Details

GHSA

GHSA-jfjq-rg72-h4xp: Cross-site scripting (XSS) vulnerability in the redirection feature in url↗2022-05-17

▶

OSV

CVE-2014-9219: Cross-site scripting (XSS) vulnerability in the redirection feature in url↗2014-12-08

▶

📋Vendor Advisories

Debian

CVE-2014-9219: phpmyadmin - Cross-site scripting (XSS) vulnerability in the redirection feature in url.php i...↗2014

▶

💬Community

Bugzilla

CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism↗2014-12-04

▶

Bugzilla

CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism [epel-7]↗2014-12-04

▶

Bugzilla

CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism [fedora-all]↗2014-12-04

▶