Vulnerability Details CVE-2014-9219
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:243
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99137
- https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:243
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99137
- https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
Products affected by CVE-2014-9219
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.10
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.10.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.11
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.12
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.13
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.6
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9.1