Fluid Attacks Database

Description

phpMyAdmin cross-site scripting vulnerability in crafted view name A cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=4.1.0 <4.1.14.3 \|\| >=4.2.0 <4.2.7.1	4.1.14.3, 4.2.7.1
debian 13	phpmyadmin	>=0 <4:4.2.7.1-1	4:4.2.7.1-1
debian 12	phpmyadmin	>=0 <4:4.2.7.1-1	4:4.2.7.1-1
debian 11	phpmyadmin	>=0 <4:4.2.7.1-1	4:4.2.7.1-1

Aliases

1. CVE-2014-52742. NVD-2014-52743. OSV-2014-52744. OSV-DEBIAN-2014-52745. GCVE-2014-52746. SECURITY-TRACKER-CVE-2014-5274

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f2. http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html3. http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.