Candidate: CVE-2014-4954
PublicDate: 2014-07-20 11:12:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4954
 https://github.com/phpmyadmin/phpmyadmin/commit/57475371a5b515c83bfc1bb2efcdf3ddb14787ed
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
Description:
 Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks
 function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6
 allows remote authenticated users to inject arbitrary web script or HTML
 via a crafted table comment that is improperly handled during construction
 of a database structure page.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Frans Rosén
Assigned-to:
CVSS:

Patches_phpmyadmin:
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/57475371a5b515c83bfc1bb2efcdf3ddb14787ed
upstream_phpmyadmin: released (4.2.6)
lucid_phpmyadmin: not-affected
precise_phpmyadmin: not-affected
trusty_phpmyadmin: not-affected
trusty/esm_phpmyadmin: not-affected
utopic_phpmyadmin: not-affected (4:4.2.6-1)
devel_phpmyadmin: not-affected (4:4.2.6-1)