WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4954)

Description

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.

Remediation

References

Related Vulnerabilities

MySQL CVE-2024-21231 Vulnerability (CVE-2024-21231)

Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3396)

WordPress Plugin Best Image Gallery & Responsive Photo Gallery-FooGallery Cross-Site Scripting (1.8.14)

Ruby Integer Overflow or Wraparound Vulnerability (CVE-2008-2663)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8563)

Severity

Low

Classification

CVE-2014-4954 CWE-707

Tags

Missing Update Known Vulnerabilities