Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
{
"unresolved_ranges": [
{
"vendor_product": "opensuse:leap",
"cpes": [
"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "42.1"
},
{
"last_affected": "42.1"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"
],
"vendor_product": "opensuse:opensuse",
"extracted_events": [
{
"introduced": "13.1"
},
{
"last_affected": "13.1"
},
{
"introduced": "13.2"
},
{
"last_affected": "13.2"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": [
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*",
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "4.6.0"
},
{
"last_affected": "4.6.0"
},
{
"introduced": "4.6.0-alpha1"
},
{
"last_affected": "4.6.0-alpha1"
},
{
"introduced": "4.6.0-rc1"
},
{
"last_affected": "4.6.0-rc1"
},
{
"introduced": "4.6.0-rc2"
},
{
"last_affected": "4.6.0-rc2"
},
{
"introduced": "4.6.1"
},
{
"last_affected": "4.6.1"
},
{
"introduced": "4.6.2"
},
{
"last_affected": "4.6.2"
},
{
"introduced": "4.4.0"
},
{
"last_affected": "4.4.0"
},
{
"introduced": "4.4.1"
},
{
"last_affected": "4.4.1"
},
{
"introduced": "4.4.1.1"
},
{
"last_affected": "4.4.1.1"
},
{
"introduced": "4.4.2"
},
{
"last_affected": "4.4.2"
},
{
"introduced": "4.4.3"
},
{
"last_affected": "4.4.3"
},
{
"introduced": "4.4.4"
},
{
"last_affected": "4.4.4"
},
{
"introduced": "4.4.5"
},
{
"last_affected": "4.4.5"
},
{
"introduced": "4.4.6"
},
{
"last_affected": "4.4.6"
},
{
"introduced": "4.4.6.1"
},
{
"last_affected": "4.4.6.1"
},
{
"introduced": "4.4.7"
},
{
"last_affected": "4.4.7"
},
{
"introduced": "4.4.8"
},
{
"last_affected": "4.4.8"
},
{
"introduced": "4.4.9"
},
{
"last_affected": "4.4.9"
},
{
"introduced": "4.4.10"
},
{
"last_affected": "4.4.10"
},
{
"introduced": "4.4.11"
},
{
"last_affected": "4.4.11"
},
{
"introduced": "4.4.12"
},
{
"last_affected": "4.4.12"
},
{
"introduced": "4.4.13"
},
{
"last_affected": "4.4.13"
},
{
"introduced": "4.4.13.1"
},
{
"last_affected": "4.4.13.1"
},
{
"introduced": "4.4.14.1"
},
{
"last_affected": "4.4.14.1"
},
{
"introduced": "4.4.15"
},
{
"last_affected": "4.4.15"
},
{
"introduced": "4.4.15.1"
},
{
"last_affected": "4.4.15.1"
},
{
"introduced": "4.4.15.2"
},
{
"last_affected": "4.4.15.2"
},
{
"introduced": "4.4.15.3"
},
{
"last_affected": "4.4.15.3"
},
{
"introduced": "4.4.15.4"
},
{
"last_affected": "4.4.15.4"
},
{
"introduced": "4.4.15.5"
},
{
"last_affected": "4.4.15.5"
},
{
"introduced": "4.4.15.6"
},
{
"last_affected": "4.4.15.6"
}
],
"source": [
"CPE_STRING",
"REFERENCES"
]
}