Lucene search

FreeBSD3E8B7F8A-49B0-11E4-B711-6805CA0B3D42

HistoryOct 01, 2014 - 12:00 a.m.

phpMyAdmin -- XSS vulnerabilities

2014-10-0100:00:00

vuxml.freebsd.org

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.0%

JSON

The phpMyAdmin development team reports:

With a crafted ENUM value it is possible to trigger an
XSS in table search and table structure pages. This
vulnerability can be triggered only by someone who is
logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
pages.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphpmyadmin= 4.2.0UNKNOWN
FreeBSDanynoarchphpmyadmin< 4.2.9.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	phpmyadmin	= 4.2.0	UNKNOWN
FreeBSD	any	noarch	phpmyadmin	< 4.2.9.1	UNKNOWN

References

www.phpmyadmin.net/home_page/security/PMASA-2014-11.php

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.0%

JSON

Related for 3E8B7F8A-49B0-11E4-B711-6805CA0B3D42