Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:203)

Multiple vulnerabilities has been discovered and corrected in phpmyadmin : - XSS due to unescaped HTML Output when executing a SQL query CVE-2013-4995. - 5 XSS vulnerabilities in setup, chart display, process list, and logo link. If a crafted version.json would be presented, an XSS could be...

CVE-2013-5000

CVE-2013-5000 affects phpMyAdmin 3.5.x before 3.5.8.2. The issue is information disclosure via an invalid request that reveals the installation path in an error message, related to config.default.php and other files. The vulnerability allows partial disclosure of sensitive paths when exploited. A...

CVE-2013-4997

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

CVE-2013-4998

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmdcommon.php and other files...

CVE-2013-5002

Cross-site scripting XSS vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

CVE-2013-4996

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted database name, 2 a crafted user name, 3 a crafted logo URL in the navigation panel, 4 a...

CVE-2013-4995

Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...

CVE-2013-4998

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmdcommon.php and other files...

CVE-2013-4997

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

CVE-2013-4999

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and ErrorHandler.class.php...

CVE-2013-5001

Cross-site scripting XSS vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a...

CVE-2013-5000

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files...

CVE-2013-5003

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via 1 the scale parameter to pmdpdf.php or 2 the pdfpagenumber parameter to schemaexport.php...

CVE-2013-5002

Summary (CVE-2013-5002): phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 contain a cross-site scripting (XSS) vulnerability. An authenticated remote user can inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. The issue arises in libraries/schema/Expo...

CVE-2013-5001

CVE-2013-5001 affects phpMyAdmin 4.0.x before 4.0.4.2. The issue is a Cross-site Scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php that enables remote authenticated users to inject arbitrary web script or HTML via a crafted object ...

CVE-2013-4997

CVE-2013-4997 affects phpMyAdmin 3.5.x before 3.5.8.2, enabling remote XSS via a JavaScript event in an anchor to setup/index.php or in the chartTitle value. Impact is arbitrary script execution in the same user context. Remediation: upgrade to phpMyAdmin 3.5.8.2 or newer (per linked advisories)....

CVE-2013-5003

CVE-2013-5003 affects phpMyAdmin 3.5.x < 3.5.8.2 and 4.0.x

CVE-2013-5001

Cross-site scripting XSS vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a...

CVE-2013-4996

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted database name, 2 a crafted user name, 3 a crafted logo URL in the navigation panel, 4 a...