CVE-2014-8960
EPSS 0.29%
Description
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
How to fix CVE-2014-8960
To remediate CVE-2014-8960, upgrade the affected package to a fixed version below.
- Debian/phpmyadmin—upgrade to 4:4.2.12-1 or later
Is CVE-2014-8960 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4:4.2.12-1