{"url":"http://public2.vulnerablecode.io/api/packages/63334?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B3","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.0.10+3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.0.10+5","latest_non_vulnerable_version":"5.2.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44063?format=json","vulnerability_id":"VCID-n7cc-xfym-u7g4","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac"},{"reference_url":"https://security.gentoo.org/glsa/201505-03","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201505-03"},{"reference_url":"https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6300","reference_id":"CVE-2014-6300","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6300"},{"reference_url":"https://github.com/advisories/GHSA-6wfj-2mw7-p5cg","reference_id":"GHSA-6wfj-2mw7-p5cg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6wfj-2mw7-p5cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63334?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/63335?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B4"},{"url":"http://public2.vulnerablecode.io/api/packages/63336?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.2.8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.8%252B1"}],"aliases":["CVE-2014-6300","GHSA-6wfj-2mw7-p5cg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7cc-xfym-u7g4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B3"}