phpMyAdmin Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	69268
Class:	Input Validation Error
CVE:	CVE-2014-5273
Remote:	Yes
Local:	No
Published:	Aug 17 2014 12:00AM
Updated:	Apr 13 2015 09:59PM
Credit:	Ashutosh Dhundhara
Vulnerable:	phpMyAdmin phpMyAdmin 4.2.6 phpMyAdmin phpMyAdmin 4.2.5 phpMyAdmin phpMyAdmin 4.2.4 phpMyAdmin phpMyAdmin 4.2.3 phpMyAdmin phpMyAdmin 4.2.2 phpMyAdmin phpMyAdmin 4.2.1 phpMyAdmin phpMyAdmin 4.2 phpMyAdmin phpMyAdmin 4.1.14 phpMyAdmin phpMyAdmin 4.1.14.2 phpMyAdmin phpMyAdmin 4.1.14.1 phpMyAdmin phpMyAdmin 4.0.10.1 phpMyAdmin phpMyAdmin 4.0.10 Mandriva Business Server 1 X86 64 Mandriva Business Server 1
Not Vulnerable:	phpMyAdmin phpMyAdmin 4.2.7.1 phpMyAdmin phpMyAdmin 4.1.14.3 phpMyAdmin phpMyAdmin 4.0.10.2

phpMyAdmin Multiple Cross Site Scripting Vulnerabilities

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

phpMyAdmin Multiple Cross Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

phpMyAdmin Multiple Cross Site Scripting Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.


Mandriva Business Server 1 X86 64

• Mandriva phpmyadmin-4.2.8-1.mbs1.noarch.rpm
  http://www.mandriva.com/en/downloads/

phpMyAdmin Multiple Cross Site Scripting Vulnerabilities

References:

• phpMyAdmin Homepage (phpMyAdmin)
  
• PMASA-2014-8 (phpMyAdmin)