VDB
CVE-2014-5273
CVE-2014-5273
PUBLISHED
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.
EPSS 0.38% · 59.9th percentile
Risk Scores
EPSS Score
0.38%
59.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | phpmyadmin | 0, 4:4.0.6-1, 4:4.0.8-1 |
Exploit Intelligence
- openSUSE-SU-2014:1069 (circl)
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php (circl)
- 60397 (circl)
- https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614 (vulncheck-nvd)
- https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821 (vulncheck-nvd)
- https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb (vulncheck-nvd)
- https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb (vulncheck-nvd)
- https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c (vulncheck-nvd)
Timeline
- Aug 22, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-5273 third-party-advisory
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-5273 third-party-advisory