Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR

phpMyAdmin micro history Implementation XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

Permalink: https://github.com/advisories/GHSA-6wfj-2mw7-p5cg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago


EPSS Percentage: 0.00225
EPSS Percentile: 0.60831

Identifiers: GHSA-6wfj-2mw7-p5cg, CVE-2014-6300
References: Repository: https://github.com/phpmyadmin/phpmyadmin
Blast Radius: 0.0

Affected Packages

packagist:phpmyadmin/phpmyadmin
Dependent packages: 4
Dependent repositories: 15
Downloads: 324,333 total
Affected Version Ranges: >= 4.2.0, < 4.2.8.1; >= 4.1.0, < 4.1.14.4; >= 4.0.0, < 4.0.10.3
Fixed in: 4.2.8.1, 4.1.14.4, 4.0.10.3
All affected versions: 4.0.0, 4.0.1-0.1, 4.0.1-0.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1
All unaffected versions: 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10