All errata/t7/ALT-PU-2014-2150-1
ALT-PU-2014-2150-1

Package update phpMyAdmin in branch t7

Version4.2.8.1-alt1
Task#130548
Published2014-09-17
Max severityMEDIUM
Severity:

Closed issues (1)

CVE-2014-6300
MEDIUM4.3

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

Published: 2014-11-08Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References