Candidate: CVE-2014-6300
PublicDate: 2014-11-08 11:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
Description:
 Cross-site scripting (XSS) vulnerability in the micro history
 implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4,
 and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web
 script or HTML, and consequently conduct a cross-site request forgery
 (CSRF) attack to create a root account, via a crafted URL, related to
 js/ajax.js.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:4.2.8.1-1)
lucid_phpmyadmin: ignored (reached end-of-life)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needs-triage)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
utopic_phpmyadmin: ignored (reached end-of-life)
vivid_phpmyadmin: not-affected (4:4.2.8.1-1)
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
wily_phpmyadmin: not-affected (4:4.2.8.1-1)
xenial_phpmyadmin: not-affected (4:4.2.8.1-1)
yakkety_phpmyadmin: not-affected (4:4.2.8.1-1)
zesty_phpmyadmin: not-affected (4:4.2.8.1-1)
artful_phpmyadmin: not-affected (4:4.2.8.1-1)
bionic_phpmyadmin: not-affected (4:4.2.8.1-1)
cosmic_phpmyadmin: not-affected (4:4.2.8.1-1)
disco_phpmyadmin: not-affected (4:4.2.8.1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.2.8.1-1)
groovy_phpmyadmin: not-affected (4:4.2.8.1-1)
hirsute_phpmyadmin: not-affected (4:4.2.8.1-1)
impish_phpmyadmin: not-affected (4:4.2.8.1-1)
jammy_phpmyadmin: not-affected (4:4.2.8.1-1)
devel_phpmyadmin: not-affected (4:4.2.8.1-1)