Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4955)

Description

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.

Remediation

References

Related Vulnerabilities

MongoDb Improper Input Validation Vulnerability (CVE-2024-3372)

Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2026-33857)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3176)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4431)

WordPress Plugin Gwolle Guestbook Multiple Vulnerabilities (2.1.0)

Severity

Low

Classification

CVE-2014-4955 CWE-707

Tags

Missing Update Known Vulnerabilities