DescriptionCross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 220.127.116.11, 4.1.x before 18.104.22.168, and 4.2.x before 22.214.171.124 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- openSUSE-SU-2014:1150-1, published Mon, 22 Sep 2014 15:04:14 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA phpMyAdmin-126.96.36.199-1.1
SUSE Timeline for this CVECVE page created: Mon Sep 15 08:28:24 2014
CVE page last modified: Fri Oct 7 12:46:51 2022