{"id":"CVE-2014-5274","details":"Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.","aliases":["GHSA-q586-xpwr-jc3j"],"modified":"2026-04-16T01:39:33.930356138Z","published":"2014-08-22T01:55:08Z","withdrawn":"2026-01-27T04:12:52.754460Z","related":["openSUSE-SU-2024:10054-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/60397"},{"type":"ADVISORY","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"}],"schema_version":"1.7.3"}