FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- XSS vulnerabilities

Affected packages
4.2.0 <= phpMyAdmin < 4.2.9.1

Details

VuXML ID: 3e8b7f8a-49b0-11e4-b711-6805ca0b3d42
Discovery: 2014-10-01
Entry: 2014-10-01

The phpMyAdmin development team reports:

With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.

References

CVE Name: CVE-2014-7217
URL: http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php