CVE-2014-6300 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-6300 Interim 1 7 2022-10-15T17:14:53Z current 2021-05-30T13:22:41Z 2022-10-15T17:14:53Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-6300 Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html E-Mail link for openSUSE-SU-2014:1150-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed phpMyAdmin-4.6.5.2-1.1 phpMyAdmin-4.6.5.2-1.1 as a component of openSUSE Tumbleweed Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. CVE-2014-6300 openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N