7 matches found
EUVD-2014-4872
Malware in sbrugna...
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:143)
Multiple vulnerabilities has been discovered and corrected in phpmyadmin : Cross-site scripting XSS vulnerability in the PMAgetHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a...
CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
CVE-2014-4955
Cross-site scripting XSS vulnerability in the PMATRIgetRowForList function in libraries/rte/rtelist.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
Self-XSS due to unescaped HTML output in database triggers page.
PMASA-2014-5 Announcement-ID: PMASA-2014-5 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database triggers page. Description When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name. Severity We consider this vulnerability t...