Web application abuses : phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2014-8)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.112006

Category: Web application abuses

Title: phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2014-8) - Linux

Summary: phpMyAdmin is prone to multiple cross-site scripting (XSS); vulnerabilities.

Description: Summary:
phpMyAdmin is prone to multiple cross-site scripting (XSS)
vulnerabilities.

Vulnerability Insight:
Multiple XSS vulnerabilities allow remote authenticated users to
inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js,

(2) ENUM editor page, related to js/functions.js,

(3) monitor page, related to js/server_status_monitor.js,

(4) query charts page, related to js/tbl_chart.js, or

(5) table relations page, related to libraries/tbl_relation.lib.php.

Affected Software/OS:
phpMyAdmin versions 4.0.x prior to 4.0.10.2, 4.1.x prior to
4.1.14.3, and 4.2.x prior to 4.2.7.1.

Solution:
Update to version 4.0.10.2, 4.1.14.3, 4.2.7.1 or later.

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-5273
http://secunia.com/advisories/60397
SuSE Security Announcement: openSUSE-SU-2014:1069 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html

Copyright Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.112006
Category:	Web application abuses
Title:	phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2014-8) - Linux
Summary:	phpMyAdmin is prone to multiple cross-site scripting (XSS); vulnerabilities.
Description:	Summary: phpMyAdmin is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: Multiple XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js, (2) ENUM editor page, related to js/functions.js, (3) monitor page, related to js/server_status_monitor.js, (4) query charts page, related to js/tbl_chart.js, or (5) table relations page, related to libraries/tbl_relation.lib.php. Affected Software/OS: phpMyAdmin versions 4.0.x prior to 4.0.10.2, 4.1.x prior to 4.1.14.3, and 4.2.x prior to 4.2.7.1. Solution: Update to version 4.0.10.2, 4.1.14.3, 4.2.7.1 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5273 http://secunia.com/advisories/60397 SuSE Security Announcement: openSUSE-SU-2014:1069 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
Copyright	Copyright (C) 2017 Greenbone AG