Vulnerabilities > Phpmyadmin > Phpmyadmin > 4.2.10

DATE CVE VULNERABILITY TITLE RISK
2014-12-08 CVE-2014-9219 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
network
phpmyadmin CWE-79
4.3
4.3
2014-12-08 CVE-2014-9218 Resource Management Errors vulnerability in PHPmyadmin
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
network
low complexity
phpmyadmin CWE-399
5.0
5.0
2014-11-30 CVE-2014-8960 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
network
phpmyadmin CWE-79
3.5
3.5
2014-11-30 CVE-2014-8959 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.
network
low complexity
opensuse phpmyadmin CWE-22
6.5
6.5
2014-11-05 CVE-2014-8326 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. 		3.5
3.5