CVE-2014-4349

Published: 25 June 2014

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

Priority

Medium

Status

Package Release Status
phpmyadmin
Launchpad, Ubuntu, Debian
Upstream
Released (4:4.2.5-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4:4.2.5-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4:4.2.5-1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)