{"url":"http://public2.vulnerablecode.io/api/packages/62974?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.0","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.14+3","latest_non_vulnerable_version":"5.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43835?format=json","vulnerability_id":"VCID-a4fa-ms27-93fn","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5274","reference_id":"CVE-2014-5274","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5274"},{"reference_url":"https://github.com/advisories/GHSA-q586-xpwr-jc3j","reference_id":"GHSA-q586-xpwr-jc3j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q586-xpwr-jc3j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62976?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/62977?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.2.7%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.7%252B1"}],"aliases":["CVE-2014-5274","GHSA-q586-xpwr-jc3j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4fa-ms27-93fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44009?format=json","vulnerability_id":"VCID-amgy-teas-euh5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76"},{"reference_url":"https://web.archive.org/web/20200228163625/http://www.securityfocus.com/bid/70731","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228163625/http://www.securityfocus.com/bid/70731"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8326","reference_id":"CVE-2014-8326","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8326"},{"reference_url":"https://github.com/advisories/GHSA-pvr5-84gr-g985","reference_id":"GHSA-pvr5-84gr-g985","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pvr5-84gr-g985"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63271?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B6"},{"url":"http://public2.vulnerablecode.io/api/packages/63272?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.2.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.10%252B1"}],"aliases":["CVE-2014-8326","GHSA-pvr5-84gr-g985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amgy-teas-euh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44063?format=json","vulnerability_id":"VCID-n7cc-xfym-u7g4","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac"},{"reference_url":"https://security.gentoo.org/glsa/201505-03","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201505-03"},{"reference_url":"https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6300","reference_id":"CVE-2014-6300","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6300"},{"reference_url":"https://github.com/advisories/GHSA-6wfj-2mw7-p5cg","reference_id":"GHSA-6wfj-2mw7-p5cg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6wfj-2mw7-p5cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63335?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B4"},{"url":"http://public2.vulnerablecode.io/api/packages/63336?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.2.8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.8%252B1"}],"aliases":["CVE-2014-6300","GHSA-6wfj-2mw7-p5cg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7cc-xfym-u7g4"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.0"}