Lucene search

MitreCVE-2014-4955

HistoryJul 20, 2014 - 11:12 a.m.

CVE-2014-4955

2014-07-2011:12:51

CWE-79

mitre

web.nvd.nist.gov

cve-2014-4955

cross-site scripting

xss

pma_tri_getrowforlist

phpmyadmin

security vulnerability

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch4.0.0

phpmyadminphpmyadminMatch4.0.0rc2

phpmyadminphpmyadminMatch4.0.0rc3

phpmyadminphpmyadminMatch4.0.1

phpmyadminphpmyadminMatch4.0.2

phpmyadminphpmyadminMatch4.0.3

phpmyadminphpmyadminMatch4.0.4

phpmyadminphpmyadminMatch4.0.4.1

phpmyadminphpmyadminMatch4.0.4.2

phpmyadminphpmyadminMatch4.0.5

phpmyadminphpmyadminMatch4.0.6

phpmyadminphpmyadminMatch4.0.7

phpmyadminphpmyadminMatch4.0.8

phpmyadminphpmyadminMatch4.0.9

phpmyadminphpmyadminMatch4.0.10

phpmyadminphpmyadminMatch4.0.10.0

phpmyadminphpmyadminMatch4.1.0

phpmyadminphpmyadminMatch4.1.1

phpmyadminphpmyadminMatch4.1.2

phpmyadminphpmyadminMatch4.1.3

phpmyadminphpmyadminMatch4.1.4

phpmyadminphpmyadminMatch4.1.5

phpmyadminphpmyadminMatch4.1.6

phpmyadminphpmyadminMatch4.1.7

phpmyadminphpmyadminMatch4.1.8

phpmyadminphpmyadminMatch4.1.9

phpmyadminphpmyadminMatch4.1.10

phpmyadminphpmyadminMatch4.1.11

phpmyadminphpmyadminMatch4.1.12

phpmyadminphpmyadminMatch4.1.13

phpmyadminphpmyadminMatch4.1.14

phpmyadminphpmyadminMatch4.1.14.1

phpmyadminphpmyadminMatch4.2.0

phpmyadminphpmyadminMatch4.2.1

phpmyadminphpmyadminMatch4.2.2

phpmyadminphpmyadminMatch4.2.3

phpmyadminphpmyadminMatch4.2.4

phpmyadminphpmyadminMatch4.2.5

VendorProductVersionCPE
phpmyadminphpmyadmin4.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.1cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.2cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.3cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.4cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.4.1cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.4.2cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin4.0.5cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	4.0.0	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:::::::*
phpmyadmin	phpmyadmin	4.0.0	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2::::::
phpmyadmin	phpmyadmin	4.0.0	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3::::::
phpmyadmin	phpmyadmin	4.0.1	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:::::::*
phpmyadmin	phpmyadmin	4.0.2	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:::::::*
phpmyadmin	phpmyadmin	4.0.3	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:::::::*
phpmyadmin	phpmyadmin	4.0.4	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:::::::*
phpmyadmin	phpmyadmin	4.0.4.1	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:::::::*
phpmyadmin	phpmyadmin	4.0.4.2	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:::::::*
phpmyadmin	phpmyadmin	4.0.5	cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:::::::*