Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
typo3TYPO3 AssociationTYPO3-EXT-SA-2014-016
HistoryNov 05, 2014 - 12:00 a.m.

Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)

2014-11-0500:00:00
TYPO3 Association
typo3.org
94

EPSS

0.001

Percentile

49.1%

JSON

It has been discovered that the extension “phpMyAdmin” (phpmyadmin) is susceptible to Cross-Site Scripting.

Release Date: November 5, 2014

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: 4.18.0, 4.18.1, 4.18.2 and 4.18.3

Vulnerability Type: XSS

Severity: Low

Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:ND/RL:O/RC:C

References: PMASA-2014-11

Related CVE: CVE-2014-7217

Problem Description: Crafted database content can trigger XSS in table search and table structure pages.

Solution: An updated version 4.18.4 is available from the TYPO3 extension manager and at <http://typo3.org/extensions/repository/download/phpmyadmin/4.18.4/t3x/&gt;. Users of the extension are advised to update the extension as soon as possible.

Credits: The vendor of the phpMyAdmin upstream software credits Ashutosh Dhundhara. Thanks to Andreas Beutel for providing a TYPO3 extension package with an updated phpMyAdmin version.

General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.

Related

nessus 7
mageia 1
openvas 5
cvelist 1
cve 1
fedora 3
osv 2
github 1
ubuntucve 1
phpmyadmin 1
debiancve 1
freebsd 1
prion 1
securityvulns 2
nvd 1
nessus
nessus
FreeBSD : phpMyAdmin -- XSS vulnerabilities (3e8b7f8a-49b0-11e4-b711-6805ca0b3d42)
2014-10-02 00:00:00
Fedora 19 : phpMyAdmin-4.2.9.1-1.fc19 (2014-11983)
2014-10-12 00:00:00
Fedora 20 : phpMyAdmin-4.2.9.1-1.fc20 (2014-12085)
2014-10-06 00:00:00
mageia
mageia
Updated phpmyadmin package fixes security vulnerability
2014-10-07 13:22:51
openvas
openvas
phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities (Oct 2014) - Linux
2017-08-21 00:00:00
Fedora Update for phpMyAdmin FEDORA-2014-11983
2014-10-12 00:00:00
Mageia: Security Advisory (MGASA-2014-0402)
2022-01-28 00:00:00
cvelist
cvelist
CVE-2014-7217
2014-10-03 01:00:00
cve
cve
CVE-2014-7217
2014-10-03 01:55:08
fedora
fedora
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.9.1-1.fc21
2014-10-08 19:06:12
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.9.1-1.fc20
2014-10-05 08:14:21
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.9.1-1.fc19
2014-10-11 06:52:59
osv
osv
phpMyAdmin cross-site scripting Vulnerability via ENUM value
2022-05-17 03:57:46
phpMyAdmin-4.6.5.2-1.1 on GA media
2024-06-15 00:00:00
github
github
phpMyAdmin cross-site scripting Vulnerability via ENUM value
2022-05-17 03:57:46
ubuntucve
ubuntucve
CVE-2014-7217
2014-10-03 00:00:00
phpmyadmin
phpmyadmin
XSS vulnerabilities in table search and table structure pages.
2014-10-01 00:00:00
debiancve
debiancve
CVE-2014-7217
2014-10-03 01:55:08
freebsd
freebsd
phpMyAdmin -- XSS vulnerabilities
2014-10-01 00:00:00
prion
prion
Cross site scripting
2014-10-03 01:55:00
securityvulns
securityvulns
[ MDVSA-2014:194 ] phpmyadmin
2014-10-14 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-10-14 00:00:00
nvd
nvd
CVE-2014-7217
2014-10-03 01:55:08

EPSS

0.001

Percentile

49.1%

JSON
Related for TYPO3-EXT-SA-2014-016
nessus7mageia1openvas5cvelist1cve1fedora3osv2github1ubuntucve1phpmyadmin1debiancve1freebsd1prion1securityvulns2nvd1