Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.

Remediation

References

CVE-2014-4348

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3672)

PHP mail function ASCII control character header spoofing vulnerability

WordPress Plugin WP Popups-WordPress Popup builder Cross-Site Scripting (2.1.4.6)

silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4961)

Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)

Severity

Low

Classification

CVE-2014-4348 CWE-707

Tags

Missing Update Known Vulnerabilities