Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before, 4.4.x before, and 4.5.x before allow
remote attackers to inject arbitrary web script or HTML via (1) a crafted
Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON
data, related to file_echo.php; (3) a crafted SQL query, related to
js/functions.js; (4) the initial parameter to
libraries/server_privileges.lib.php in the user accounts page; or (5) the
it parameter to libraries/controllers/TableSearchController.class.php in
the zoom search page.
Upstream: released (4:
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (4:4.6.0-2)
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): not-affected (4:4.6.0-2)
Updated: 2020-04-24 03:27:48 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)