Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-6300

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

Related bugs and status

CVE-2014-6300 (Candidate) is related to these bugs:

Bug #1441654: CVE-2014-6300: XSRF/CSRF due to DOM based XSS in the micro history feature

Summary				In	Importance	Status
	1441654	CVE-2014-6300: XSRF/CSRF due to DOM based XSS in the micro history feature		phpmyadmin (Ubuntu)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
CONFIRM: https://github.com/php...
SUSE: openSUSE-SU-2014:1150
BID: 69790
GENTOO: GLSA-201505-03