phpMyAdmin micro history Implementation XSS Vulnerability
Moderate severity • GitHub Reviewed • Published May 14, 2022 to the GitHub Advisory Database • Updated Aug 15, 2023
Package
Affected versions        Patched versions
>= 4.0.0, < 4.0.10.3     4.0.10.3
>= 4.1.0, < 4.1.14.4     4.1.14.4
>= 4.2.0, < 4.2.8.1      4.2.8.1
Published by the National Vulnerability Database: Nov 8, 2014
Published to the GitHub Advisory Database: May 14, 2022
Reviewed: Aug 15, 2023
Last updated: Aug 15, 2023
Description
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
References