VYPR
Low severity · NVD Advisory · Published Jul 20, 2014 · Updated May 6, 2026

CVE-2014-4986

Description

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                              Affected versions        Patched versions
phpmyadmin/phpmyadmin (Packagist)    >= 4.0.0, < 4.0.10.1     4.0.10.1
phpmyadmin/phpmyadmin (Packagist)    >= 4.1.0, < 4.1.14.2     4.1.14.2
phpmyadmin/phpmyadmin (Packagist)    >= 4.2.0, < 4.2.6        4.2.6

Patches

1 patch: 29a1f56495a7

bug #4492 [security] XSS in AJAX confirmation messages

https://github.com/phpmyadmin/phpmyadmin · Marc Delisle · Jul 17, 2014 · via ghsa
3 files changed · +4 −2
  • ChangeLog (+1 −0) modified
    @@ -15,6 +15,7 @@ phpMyAdmin - ChangeLog
     - bug #4459 First few characters of database name aren't clickable when expanded
     - bug #4486 [security] XSS injection due to unescaped table comment
     - bug #4488 [security] XSS injection due to unescaped table name (triggers)
    +- bug #4492 [security] XSS in AJAX confirmation messages
     
     4.2.5.0 (2014-06-26)
     - bug #4467 shell_exec() has been disabled for security reasons
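    Review bot: the new ChangeLog line names bug #4492 but not CVE-2014-4986, so anyone searching the log for the CVE identifier will not find this fix; consider appending it, e.g. `- bug #4492 [security] XSS in AJAX confirmation messages (CVE-2014-4986)`. Placement above the `4.2.5.0 (2014-06-26)` block, next to the other unreleased `[security]` entries, is consistent with the surrounding lines.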
    
  • js/functions.js (+2 −2) modified
    @@ -3548,7 +3548,7 @@ AJAX.registerOnload('functions.js', function () {
             var question = PMA_messages.strDropTableStrongWarning + ' ';
             question += $.sprintf(
                 PMA_messages.strDoYouReally,
    -            'DROP TABLE ' + PMA_commonParams.get('table')
    +            'DROP TABLE ' + escapeHtml(PMA_commonParams.get('table'))
             );
     
             $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
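    Review bot: the escaping is applied at the call site, to the `PMA_commonParams.get('table')` argument only, so this message is fixed but the pattern is one forgotten `escapeHtml` away from regressing in any other handler that builds a `question` from user-controlled names. The fact that escaping is needed at all shows the dialog opened by `$(this).PMA_confirm(question, ...)` renders `question` as HTML; escaping (or rendering as text) inside `PMA_confirm` would close the whole class rather than this one instance. Also confirm that `escapeHtml` is defined and reachable from this `AJAX.registerOnload('functions.js', ...)` callback before the click handler fires; otherwise the DROP TABLE confirmation throws instead of opening.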
    @@ -3614,7 +3614,7 @@ AJAX.registerOnload('functions.js', function () {
             var question = PMA_messages.strTruncateTableStrongWarning + ' ';
             question += $.sprintf(
                 PMA_messages.strDoYouReally,
    -            'TRUNCATE ' + PMA_commonParams.get('table')
    +            'TRUNCATE ' + escapeHtml(PMA_commonParams.get('table'))
             );
             $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
                 PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
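    Review bot: this is the same two-token change as the DROP TABLE hunk above, and both messages are assembled identically from `PMA_messages.strDoYouReally` plus a SQL fragment; a small helper that takes the statement keyword and the table name and escapes once would keep the two paths from drifting apart the next time one of them is edited. Escaping only the table token and not the `PMA_messages.*` strings is correct as long as those remain server-supplied, trusted localized text; that assumption should be stated in a comment here, since a reader seeing a partially escaped string will otherwise wonder whether the rest was missed.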
    
  • js/tbl_structure.js (+1 −0) modified
    @@ -198,6 +198,7 @@ AJAX.registerOnload('tbl_structure.js', function () {
              * @var curr_column_name    String containing name of the field referred to by {@link curr_row}
              */
             var curr_column_name = $curr_row.children('th').children('label').text();
    +        curr_column_name = escapeHtml(curr_column_name);
             /**
              * @var $after_field_item    Corresponding entry in the 'After' field.
              */
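    Review bot: `curr_column_name` is overwritten with its HTML-escaped form at assignment time, so every later use of the variable in this handler receives the escaped string rather than the column name. The comment above describes it as the name of the field referred to by `curr_row`, and the `$after_field_item` comment that follows suggests it is used to locate the matching entry in the 'After' field; any such comparison or value lookup will miss a column whose name contains `&`, `<`, `>`, `"` or `'` (`a&b` becomes `a&amp;b`). Prefer keeping the raw name from `.text()` and calling `escapeHtml(curr_column_name)` only where the value is inserted into markup, or assign the escaped form to a separate variable such as `curr_column_name_html` so the two uses cannot be confused.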
    

Vulnerability mechanics


References (9)
