Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-4348

Disclosure Date: June 25, 2014
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Technical Analysis