DescriptionCross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 188.8.131.52, 4.1.x before 184.108.40.206, and 4.2.x before 220.127.116.11 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- openSUSE-SU-2014:1150-1, published Mon, 22 Sep 2014 15:04:14 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA phpMyAdmin