CVE-2014-9219

medium

Description

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

References

http://www.mandriva.com/security/advisories?name=MDVSA-2014:243

http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php

https://exchange.xforce.ibmcloud.com/vulnerabilities/99137

https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2

Details

Source: MITRE

Published: 2014-12-08

Updated: 2017-09-08

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM