Description
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
Remediation
References
Related Vulnerabilities
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.16.4)
MySQL CVE-2012-1696 Vulnerability (CVE-2012-1696)
WordPress Plugin Simple Popup Newsletter Cross-Site Scripting (1.4.7)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)
Liferay DXP Incorrect Authorization Vulnerability (CVE-2024-38002)