Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x prior to 4.4.15.7 and 4.6.x prior to 4.6.3 allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
opensuse opensuse 13.1 |
||
opensuse leap 42.1 |
||
opensuse opensuse 13.2 |
||
phpmyadmin phpmyadmin 4.6.1 |
||
phpmyadmin phpmyadmin 4.6.0 |
||
phpmyadmin phpmyadmin 4.6.2 |
||
phpmyadmin phpmyadmin 4.4.9 |
||
phpmyadmin phpmyadmin 4.4.8 |
||
phpmyadmin phpmyadmin 4.4.15.4 |
||
phpmyadmin phpmyadmin 4.4.15.3 |
||
phpmyadmin phpmyadmin 4.4.12 |
||
phpmyadmin phpmyadmin 4.4.11 |
||
phpmyadmin phpmyadmin 4.4.6 |
||
phpmyadmin phpmyadmin 4.4.5 |
||
phpmyadmin phpmyadmin 4.4.4 |
||
phpmyadmin phpmyadmin 4.4.15 |
||
phpmyadmin phpmyadmin 4.4.14.1 |
||
phpmyadmin phpmyadmin 4.4.1 |
||
phpmyadmin phpmyadmin 4.4.0 |
||
phpmyadmin phpmyadmin 4.4.7 |
||
phpmyadmin phpmyadmin 4.4.6.1 |
||
phpmyadmin phpmyadmin 4.4.15.2 |
||
phpmyadmin phpmyadmin 4.4.15.1 |
||
phpmyadmin phpmyadmin 4.4.10 |
||
phpmyadmin phpmyadmin 4.4.1.1 |
||
phpmyadmin phpmyadmin 4.4.15.6 |
||
phpmyadmin phpmyadmin 4.4.15.5 |
||
phpmyadmin phpmyadmin 4.4.3 |
||
phpmyadmin phpmyadmin 4.4.2 |
||
phpmyadmin phpmyadmin 4.4.13.1 |
||
phpmyadmin phpmyadmin 4.4.13 |
Vulmon