Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-5273

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

Published

2014-08-22T01:55:08.717

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phpmyadmin	phpmyadmin	4.0.0	Yes
Application	phpmyadmin	phpmyadmin	4.0.0	Yes
Application	phpmyadmin	phpmyadmin	4.0.0	Yes
Application	phpmyadmin	phpmyadmin	4.0.1	Yes
Application	phpmyadmin	phpmyadmin	4.0.2	Yes
Application	phpmyadmin	phpmyadmin	4.0.3	Yes
Application	phpmyadmin	phpmyadmin	4.0.4	Yes
Application	phpmyadmin	phpmyadmin	4.0.4.1	Yes
Application	phpmyadmin	phpmyadmin	4.0.4.2	Yes
Application	phpmyadmin	phpmyadmin	4.0.5	Yes
Application	phpmyadmin	phpmyadmin	4.0.6	Yes
Application	phpmyadmin	phpmyadmin	4.0.7	Yes
Application	phpmyadmin	phpmyadmin	4.0.8	Yes
Application	phpmyadmin	phpmyadmin	4.0.9	Yes
Application	phpmyadmin	phpmyadmin	4.0.10	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.1	Yes
Application	phpmyadmin	phpmyadmin	4.1.0	Yes
Application	phpmyadmin	phpmyadmin	4.1.1	Yes
Application	phpmyadmin	phpmyadmin	4.1.2	Yes
Application	phpmyadmin	phpmyadmin	4.1.3	Yes
Application	phpmyadmin	phpmyadmin	4.1.4	Yes
Application	phpmyadmin	phpmyadmin	4.1.5	Yes
Application	phpmyadmin	phpmyadmin	4.1.6	Yes
Application	phpmyadmin	phpmyadmin	4.1.7	Yes
Application	phpmyadmin	phpmyadmin	4.1.8	Yes
Application	phpmyadmin	phpmyadmin	4.1.9	Yes
Application	phpmyadmin	phpmyadmin	4.1.10	Yes
Application	phpmyadmin	phpmyadmin	4.1.11	Yes
Application	phpmyadmin	phpmyadmin	4.1.12	Yes
Application	phpmyadmin	phpmyadmin	4.1.13	Yes
Application	phpmyadmin	phpmyadmin	4.1.14	Yes
Application	phpmyadmin	phpmyadmin	4.1.14.1	Yes
Application	phpmyadmin	phpmyadmin	4.1.14.2	Yes
Application	phpmyadmin	phpmyadmin	4.2.0	Yes
Application	phpmyadmin	phpmyadmin	4.2.1	Yes
Application	phpmyadmin	phpmyadmin	4.2.2	Yes
Application	phpmyadmin	phpmyadmin	4.2.3	Yes
Application	phpmyadmin	phpmyadmin	4.2.4	Yes
Application	phpmyadmin	phpmyadmin	4.2.5	Yes
Application	phpmyadmin	phpmyadmin	4.2.6	Yes
Application	phpmyadmin	phpmyadmin	4.2.7	Yes

References

http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html ([email protected])
http://secunia.com/advisories/60397 ([email protected])
http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php Vendor Advisory ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614 Exploit, Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821 Exploit, Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb Exploit, Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb Exploit, Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c Exploit, Patch ([email protected])
http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60397 (af854a3a-2127-422b-91ae-364da2661108)
http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)