Description
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Server Log Viewer Cross-Site Scripting (1.0)
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31547)
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-15901)
WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Multiple Vulnerabilities (3.0.8)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)