OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpmyadmin	Phpmyadmin

Configuration 1 [-]

OR	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
http://phpmyadmin.net/home_page/security/PMASA-2014-3.php
http://secunia.com/advisories/60397
http://www.securityfocus.com/bid/68205
https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79
https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be
https://nvd.nist.gov/vuln/detail/CVE-2014-4349
https://www.cve.org/CVERecord?id=CVE-2014-4349

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-25T10:00:00

Updated: 2024-08-06T11:12:35.275Z

Reserved: 2014-06-20T00:00:00

Link: CVE-2014-4349

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-06-25T11:19:22.573

Modified: 2024-11-21T02:10:01.197

Link: CVE-2014-4349

Redhat

Severity : Moderate

Publid Date: 2014-06-20T00:00:00Z

Links: CVE-2014-4349 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object