Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5274)

Description

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

Remediation

References

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6333)

Lighttpd Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2022-41556)

WordPress Plugin Advanced Page Manager Cross-Site Scripting (1.4.1)

WordPress Plugin Advanced Custom Fields PRO Arbitrary File Upload (5.12.2)

PHP Deserialization of Untrusted Data Vulnerability (CVE-2018-19396)

Severity

Low

Classification

CVE-2014-5274 CWE-707

Tags

Missing Update Known Vulnerabilities