CVE-2014-8958 : Dettaglio

CVE-2014-8958

Cross-site Scripting
A03-Injection
0.6%V4
Network
2014-11-30
11h00 +00:00
2024-08-06
13h33 +00:00
CVE.org
NVD
Notifiche per una CVE specifica
Rimani informato su qualsiasi modifica relativa a una CVE specifica.
Gestione notifiche

Descrizioni CVE

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.

Informazioni CVE

Vulnerabilità correlate

CWE-ID Nome della vulnerabilità Source
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metriche

Metriche Punteggio Gravità CVSS Vettore Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N nvd@nist.gov

EPSS

EPSS è un modello di punteggio che prevede la probabilità che una vulnerabilità venga sfruttata.

Punteggio EPSS

Il modello EPSS produce un punteggio di probabilità compreso tra 0 e 1 (da 0 a 100%). Più alto è il punteggio, maggiore è la probabilità che una vulnerabilità venga sfruttata.

Percentile EPSS

Il percentile viene utilizzato per classificare le CVE in base al loro punteggio EPSS. Ad esempio, una CVE al 95° percentile secondo il suo punteggio EPSS ha una probabilità maggiore di essere sfruttata rispetto al 95% delle altre CVE. Il percentile consente quindi di confrontare il punteggio EPSS di una CVE con quello delle altre.
EPSS First.org

Products Mentioned

Configuraton 0

Phpmyadmin>>Phpmyadmin >> Version 4.0.0

Phpmyadmin>>Phpmyadmin >> Version 4.0.1

Phpmyadmin>>Phpmyadmin >> Version 4.0.2

Phpmyadmin>>Phpmyadmin >> Version 4.0.3

Phpmyadmin>>Phpmyadmin >> Version 4.0.4

Phpmyadmin>>Phpmyadmin >> Version 4.0.4.1

Phpmyadmin>>Phpmyadmin >> Version 4.0.4.2

Phpmyadmin>>Phpmyadmin >> Version 4.0.5

Phpmyadmin>>Phpmyadmin >> Version 4.0.6

Phpmyadmin>>Phpmyadmin >> Version 4.0.7

Phpmyadmin>>Phpmyadmin >> Version 4.0.8

Phpmyadmin>>Phpmyadmin >> Version 4.0.9

Phpmyadmin>>Phpmyadmin >> Version 4.0.10

Phpmyadmin>>Phpmyadmin >> Version 4.0.10.1

Phpmyadmin>>Phpmyadmin >> Version 4.0.10.2

Phpmyadmin>>Phpmyadmin >> Version 4.0.10.3

Phpmyadmin>>Phpmyadmin >> Version 4.0.10.4

Phpmyadmin>>Phpmyadmin >> Version 4.0.10.5

Phpmyadmin>>Phpmyadmin >> Version 4.1.0

Phpmyadmin>>Phpmyadmin >> Version 4.1.1

Phpmyadmin>>Phpmyadmin >> Version 4.1.2

Phpmyadmin>>Phpmyadmin >> Version 4.1.3

Phpmyadmin>>Phpmyadmin >> Version 4.1.4

Phpmyadmin>>Phpmyadmin >> Version 4.1.5

Phpmyadmin>>Phpmyadmin >> Version 4.1.6

Phpmyadmin>>Phpmyadmin >> Version 4.1.7

Phpmyadmin>>Phpmyadmin >> Version 4.1.8

Phpmyadmin>>Phpmyadmin >> Version 4.1.9

Phpmyadmin>>Phpmyadmin >> Version 4.1.10

Phpmyadmin>>Phpmyadmin >> Version 4.1.11

Phpmyadmin>>Phpmyadmin >> Version 4.1.12

Phpmyadmin>>Phpmyadmin >> Version 4.1.13

Phpmyadmin>>Phpmyadmin >> Version 4.1.14

Phpmyadmin>>Phpmyadmin >> Version 4.1.14.1

Phpmyadmin>>Phpmyadmin >> Version 4.1.14.2

Phpmyadmin>>Phpmyadmin >> Version 4.1.14.3

Phpmyadmin>>Phpmyadmin >> Version 4.1.14.4

Phpmyadmin>>Phpmyadmin >> Version 4.1.14.5

Phpmyadmin>>Phpmyadmin >> Version 4.1.14.6

Phpmyadmin>>Phpmyadmin >> Version 4.2.0

Phpmyadmin>>Phpmyadmin >> Version 4.2.1

Phpmyadmin>>Phpmyadmin >> Version 4.2.2

Phpmyadmin>>Phpmyadmin >> Version 4.2.3

Phpmyadmin>>Phpmyadmin >> Version 4.2.4

Phpmyadmin>>Phpmyadmin >> Version 4.2.5

Phpmyadmin>>Phpmyadmin >> Version 4.2.6

Phpmyadmin>>Phpmyadmin >> Version 4.2.7.1

Phpmyadmin>>Phpmyadmin >> Version 4.2.8

Phpmyadmin>>Phpmyadmin >> Version 4.2.8.1

Phpmyadmin>>Phpmyadmin >> Version 4.2.9

Phpmyadmin>>Phpmyadmin >> Version 4.2.9.1

Phpmyadmin>>Phpmyadmin >> Version 4.2.10.1

Phpmyadmin>>Phpmyadmin >> Version 4.2.11

Riferimenti

https://security.gentoo.org/glsa/201505-03
Tags : vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2015/dsa-3382
Tags : vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/71243
Tags : vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
Tags : vendor-advisory, x_refsource_MANDRIVA
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.