Lucene search

[email protected]CVE-2014-4349

HistoryJun 25, 2014 - 11:19 a.m.

CVE-2014-4349

2014-06-2511:19:22

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-4349

cross-site scripting

xss

phpmyadmin

security vulnerability

remote authentication

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.002

Percentile

51.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

Affected configurations

NVD

Node

phpmyadminphpmyadminMatch4.2.0

phpmyadminphpmyadminMatch4.2.1

phpmyadminphpmyadminMatch4.2.2

phpmyadminphpmyadminMatch4.2.3

Node

phpmyadminphpmyadminMatch4.1.0

phpmyadminphpmyadminMatch4.1.1

phpmyadminphpmyadminMatch4.1.2

phpmyadminphpmyadminMatch4.1.3

phpmyadminphpmyadminMatch4.1.4

phpmyadminphpmyadminMatch4.1.5

phpmyadminphpmyadminMatch4.1.6

phpmyadminphpmyadminMatch4.1.7

phpmyadminphpmyadminMatch4.1.8

phpmyadminphpmyadminMatch4.1.9

phpmyadminphpmyadminMatch4.1.10

phpmyadminphpmyadminMatch4.1.11

phpmyadminphpmyadminMatch4.1.12

phpmyadminphpmyadminMatch4.1.13

phpmyadminphpmyadminMatch4.1.14

VendorProductVersionCPE
phpmyadminphpmyadmin4.2.2cpe:/a:phpmyadmin:phpmyadmin:4.2.2:::
phpmyadminphpmyadmin4.2.0cpe:/a:phpmyadmin:phpmyadmin:4.2.0:::
phpmyadminphpmyadmin4.2.3cpe:/a:phpmyadmin:phpmyadmin:4.2.3:::
phpmyadminphpmyadmin4.2.1cpe:/a:phpmyadmin:phpmyadmin:4.2.1:::

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	4.2.2	cpe:/a:phpmyadmin:phpmyadmin:4.2.2:::
phpmyadmin	phpmyadmin	4.2.0	cpe:/a:phpmyadmin:phpmyadmin:4.2.0:::
phpmyadmin	phpmyadmin	4.2.3	cpe:/a:phpmyadmin:phpmyadmin:4.2.3:::
phpmyadmin	phpmyadmin	4.2.1	cpe:/a:phpmyadmin:phpmyadmin:4.2.1:::