CVE-2013-4995

Published: 31 July 2013

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.

Priority

Low

Status

Package Release Status
phpmyadmin
Launchpad, Ubuntu, Debian
Upstream
Released (4:4.0.4.2-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable