Vulnerabilities > Phpmyadmin > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-21 | CVE-2018-7260 | Cross-site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2016-12-11 | CVE-2016-4412 | 7PK - Security Features vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin. | 3.6 |
| 2016-12-11 | CVE-2016-6613 | Information Exposure vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin. | 2.1 |
| 2016-03-01 | CVE-2016-2559 | Cross-site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. | 3.5 |
| 2016-03-01 | CVE-2016-2561 | Cross-site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. | 3.5 |
| 2016-02-20 | CVE-2016-2040 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. | 3.5 |
| 2016-02-20 | CVE-2016-2043 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. | 3.5 |
| 2016-02-20 | CVE-2016-2045 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. | 3.5 |
| 2014-12-26 | CVE-2011-3591 | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js. | 3.5 |
| 2014-12-26 | CVE-2011-3592 | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation. | 3.5 |