VDB

GCVE-110-MAGEIA-2014-275

GCVE-110-MAGEIA-2014-275
Advisory Published
Vulnetix · Advisory published June 27, 2014
Updated phpmyadmin packages fix security vulnerability: In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding or unhiding a crafted table name in the navigation, due to unescaped HTML output in the navigation items hiding feature. Note that this vulnerability can only be triggered by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form (CVE-2014-4349).

Affected Products

VendorProductVersionsPlatforms
Mageiaphpmyadmin0 (affected), 4.1.14.1-1.mga3 (unaffected)
Mageiaphpmyadmin0 (affected), 4.1.14.1-1.mga4 (unaffected)

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›