Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-5273

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

Related bugs and status

CVE-2014-5273 (Candidate) is related to these bugs:

Bug #1441648: CVE-2014-5273: Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages

Summary				In	Importance	Status
	1441648	CVE-2014-5273: Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages		phpmyadmin (Ubuntu)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
CONFIRM: https://github.com/php...
CONFIRM: https://github.com/php...
CONFIRM: https://github.com/php...
CONFIRM: https://github.com/php...
CONFIRM: https://github.com/php...
SECUNIA: 60397
SUSE: openSUSE-SU-2014:1069