Candidate: CVE-2014-5273
PublicDate: 2014-08-22 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5273
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
 before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
 remote authenticated users to inject arbitrary web script or HTML via the
 (1) browse table page, related to js/sql.js; (2) ENUM editor page, related
 to js/functions.js; (3) monitor page, related to
 js/server_status_monitor.js; (4) query charts page, related to
 js/tbl_chart.js; or (5) table relations page, related to
 libraries/tbl_relation.lib.php.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758536
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_phpmyadmin:
upstream_phpmyadmin: needs-triage
lucid_phpmyadmin: ignored (reached end-of-life)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
utopic_phpmyadmin: ignored (reached end-of-life)
vivid_phpmyadmin: not-affected (4:4.2.7.1-1)
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
wily_phpmyadmin: not-affected (4:4.2.7.1-1)
xenial_phpmyadmin: not-affected (4:4.2.7.1-1)
yakkety_phpmyadmin: not-affected (4:4.2.7.1-1)
zesty_phpmyadmin: not-affected (4:4.2.7.1-1)
artful_phpmyadmin: not-affected (4:4.2.7.1-1)
bionic_phpmyadmin: not-affected (4:4.2.7.1-1)
cosmic_phpmyadmin: not-affected (4:4.2.7.1-1)
disco_phpmyadmin: not-affected (4:4.2.7.1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.2.7.1-1)
groovy_phpmyadmin: not-affected (4:4.2.7.1-1)
hirsute_phpmyadmin: not-affected (4:4.2.7.1-1)
impish_phpmyadmin: not-affected (4:4.2.7.1-1)
jammy_phpmyadmin: not-affected (4:4.2.7.1-1)
devel_phpmyadmin: not-affected (4:4.2.7.1-1)