In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-02-13
Updated
2023-02-23
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
Max CVSS
6.1
EPSS Score
1.04%
Published
2022-01-22
Updated
2023-11-26
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
Max CVSS
6.1
EPSS Score
0.84%
Published
2020-10-10
Updated
2021-01-28
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.
Max CVSS
5.4
EPSS Score
0.11%
Published
2020-03-22
Updated
2022-11-16
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
Max CVSS
6.1
EPSS Score
19.76%
Published
2018-12-11
Updated
2019-04-22
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.
Max CVSS
6.1
EPSS Score
0.22%
Published
2018-08-24
Updated
2018-10-26
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.
Max CVSS
6.1
EPSS Score
0.15%
Published
2018-06-21
Updated
2018-08-10
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
5.4
EPSS Score
0.21%
Published
2018-02-21
Updated
2018-03-06
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-07-17
Updated
2019-03-20
An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
Max CVSS
6.1
EPSS Score
0.11%
Published
2016-12-11
Updated
2017-07-01
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
Max CVSS
6.1
EPSS Score
0.11%
Published
2016-12-11
Updated
2017-07-01
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.
Max CVSS
6.1
EPSS Score
0.14%
Published
2016-12-11
Updated
2018-07-08
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.
Max CVSS
6.1
EPSS Score
0.12%
Published
2016-12-11
Updated
2017-07-01
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Max CVSS
6.1
EPSS Score
0.14%
Published
2016-12-11
Updated
2017-07-01
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.
Max CVSS
6.1
EPSS Score
0.22%
Published
2016-07-03
Updated
2018-10-30
Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.
Max CVSS
6.1
EPSS Score
0.21%
Published
2016-07-03
Updated
2017-07-01
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.
Max CVSS
6.1
EPSS Score
0.24%
Published
2016-07-03
Updated
2018-10-30
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
Max CVSS
6.1
EPSS Score
0.27%
Published
2016-07-03
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.
Max CVSS
6.1
EPSS Score
0.18%
Published
2016-07-03
Updated
2017-07-01
Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.
Max CVSS
6.1
EPSS Score
0.24%
Published
2016-07-05
Updated
2018-10-30
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.
Max CVSS
5.4
EPSS Score
0.14%
Published
2016-03-01
Updated
2016-12-03
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
Max CVSS
6.1
EPSS Score
0.31%
Published
2016-03-01
Updated
2016-12-03
Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
Max CVSS
5.4
EPSS Score
0.13%
Published
2016-03-01
Updated
2016-12-03
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
Max CVSS
5.4
EPSS Score
0.12%
Published
2016-02-20
Updated
2016-08-02
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
Max CVSS
5.4
EPSS Score
0.11%
Published
2016-02-20
Updated
2018-10-30
99 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!