{"id":"CVE-2014-4954","details":"Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.","modified":"2026-01-27T04:12:50.006897Z","published":"2014-07-20T11:12:51Z","withdrawn":"2026-01-27T04:12:50.006897Z","related":["openSUSE-SU-2024:10054-1"],"references":[{"type":"ADVISORY","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/57475371a5b515c83bfc1bb2efcdf3ddb14787ed"},{"type":"WEB","url":"http://www.securityfocus.com/bid/68798"}],"schema_version":"1.7.3"}