Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
phpmyadminPhpMyAdminPHPMYADMIN:PMASA-2014-18
HistoryDec 03, 2014 - 12:00 a.m.

XSS vulnerability in redirection mechanism.

2014-12-0300:00:00
www.phpmyadmin.net
12

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.4%

JSON

PMASA-2014-18

Announcement-ID: PMASA-2014-18

Date: 2014-12-03

Summary

XSS vulnerability in redirection mechanism.

Description

With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin.

Severity

We consider this vulnerability to be non critical.

Affected Versions

Versions 4.2.x (prior to 4.2.13.1) are affected.

Solution

Upgrade to phpMyAdmin 4.2.13.1 or newer, or apply the patch listed below.

References

Thanks to Manuel Fernandez of ElevenPaths for reporting this vulnerability.

Assigned CVE ids: CVE-2014-9219

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CPENameOperatorVersion
phpmyadminle4.2.13.1

Related

debiancve 1
prion 1
ubuntucve 1
openvas 4
cve 1
fedora 3
freebsd 1
nessus 7
securityvulns 2
debiancve
debiancve
CVE-2014-9219
2014-12-08 11:59:00
prion
prion
Cross site scripting
2014-12-08 11:59:00
ubuntucve
ubuntucve
CVE-2014-9219
2014-12-08 00:00:00
openvas
openvas
phpMyAdmin 'url.php' Cross Site Scripting Vulnerability (Dec 2014)
2014-12-22 00:00:00
Fedora Update for phpMyAdmin FEDORA-2014-16327
2015-01-05 00:00:00
Fedora Update for phpMyAdmin FEDORA-2014-16358
2014-12-12 00:00:00
cve
cve
CVE-2014-9219
2014-12-08 11:59:00
fedora
fedora
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.13.1-1.fc21
2014-12-12 04:10:10
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.13.1-1.fc19
2014-12-15 04:28:07
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.13.1-1.fc20
2014-12-12 04:20:42
freebsd
freebsd
phpMyAdmin -- XSS and DoS vulnerabilities
2014-12-03 00:00:00
nessus
nessus
Fedora 21 : phpMyAdmin-4.2.13.1-1.fc21 (2014-16327)
2014-12-15 00:00:00
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1636-1)
2014-12-16 00:00:00
Fedora 20 : phpMyAdmin-4.2.13.1-1.fc20 (2014-16358)
2014-12-15 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:243 ] phpmyadmin
2014-12-22 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-12-22 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.4%

JSON
Related for PHPMYADMIN:PMASA-2014-18
debiancve1prion1ubuntucve1openvas4cve1fedora3freebsd1nessus7securityvulns2