VulnerableCode Package Details - pkg:deb/debian/phpmyadmin@4:4.2.7.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6d18-2pr4-pfdf	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.	CVE-2014-5273
VCID-dq1s-n5vp-q7gd	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.	CVE-2014-5274 GHSA-q586-xpwr-jc3j

Vulnerability

Summary

Aliases

VCID-6d18-2pr4-pfdf

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

CVE-2014-5273

VCID-dq1s-n5vp-q7gd

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

CVE-2014-5274
GHSA-q586-xpwr-jc3j

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:13:34.837820+00:00	Debian Importer	Fixing	VCID-dq1s-n5vp-q7gd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:50:26.101547+00:00	Debian Importer	Fixing	VCID-6d18-2pr4-pfdf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:38:00.800713+00:00	Debian Importer	Fixing	VCID-dq1s-n5vp-q7gd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:20:21.132885+00:00	Debian Importer	Fixing	VCID-6d18-2pr4-pfdf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:50.569675+00:00	Debian Importer	Fixing	VCID-dq1s-n5vp-q7gd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:50.520898+00:00	Debian Importer	Fixing	VCID-6d18-2pr4-pfdf	https://security-tracker.debian.org/tracker/data/json	38.1.0