Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

Remediation

References

CVE-2014-5273

Related Vulnerabilities

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691)

Jenkins CVE-2014-2063 Vulnerability (CVE-2014-2063)

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

Magento Improper Authorization Vulnerability (CVE-2021-28563)

WordPress Plugin Monsters Editor for WP Super Edit Arbitrary File Upload (1.1)

Severity

Low

Classification

CVE-2014-5273 CWE-707

Tags

Missing Update Known Vulnerabilities