Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

Remediation

References

CVE-2014-5273

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2002-1373)

Drupal Core 8.9.x Cross-Site Scripting (8.9.0 - 8.9.17)

WordPress Plugin Media Library Assistant SQL Injection (2.84)

WordPress Plugin Twitter Feed:Embedded Timeline 'url' Parameter Cross-Site Scripting (0.3.1)

LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16397)

Severity

Low

Classification

CVE-2014-5273 CWE-707

Tags

Missing Update Known Vulnerabilities