Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.

phpMyAdmin 4.2.9.1 (2014-10-01) ===============================

  - [security] XSS vulnerabilities in table search and table     structure pages

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.4, 4.1.x prior to 4.1.14.5, or 4.2.x prior to 4.2.9.1. It is, therefore, affected by an input validation error related to the 'ENUM' value and the files 'libraries/TableSearch.class.php' and 'libraries/Util.class.php'. This issue could allow cross-site scripting attacks.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

phpMyAdmin was updated fix a security issues [CVE-2014-7217] This update contains a fix for a cross-site scripting vulnerability in the table search and table structure pages which could be trigged with a crafted ENUM value.

Versions of phpMyAdmin earlier than 4.0.10.4, 4.1.14.5, and 4.2.9.1 are unpatched for cross-site scripting vulnerabilities affecting the table search and table structure pages. These vulnerabilities can be leveraged to steal cookie-based authentication, among other potential attacks, though note that they can only be leveraged by a logged-in user.

A vulnerability has been discovered and corrected in phpmyadmin :

With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages (CVE-2014-7217).

This upgrade provides the latest phpmyadmin version (4.2.9.1) to address this vulnerability.

The phpMyAdmin development team reports :

With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.

ID	Name	Product	Family	Severity
78374	Fedora 19 : phpMyAdmin-4.2.9.1-1.fc19 (2014-11983)	Nessus	Fedora Local Security Checks	low
78233	phpMyAdmin 4.0.x < 4.0.10.4 / 4.1.x < 4.1.14.5 / 4.2.x < 4.2.9.1 'ENUM' Value XSS (PMASA-2014-11)	Nessus	CGI abuses : XSS	low
78118	openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1280-1)	Nessus	SuSE Local Security Checks	low
78101	Fedora 21 : phpMyAdmin-4.2.9.1-1.fc21 (2014-11978)	Nessus	Fedora Local Security Checks	low
8542	phpMyAdmin 4.0.x < 4.0.10.4 / 4.1.x < 4.1.14.5 / 4.2.x < 4.2.9.1 Multiple XSS (PMASA-2014-11)	Nessus Network Monitor	CGI	low
78061	Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:194)	Nessus	Mandriva Local Security Checks	low
78057	Fedora 20 : phpMyAdmin-4.2.9.1-1.fc20 (2014-12085)	Nessus	Fedora Local Security Checks	low
78015	FreeBSD : phpMyAdmin -- XSS vulnerabilities (3e8b7f8a-49b0-11e4-b711-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	low

Detections

Analytics

CVE-2014-7217

medium

Tenable Plugins

low

low

low

low

low

low

low

low