CVE-2016-2043Cross-site Scripting in Phpmyadmin

CWE-79Cross-site Scripting7 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 39.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
PhpmyadminDebian PhpmyadminFedoraproject Fedora+2 more
Timeline
PublishedFeb 20
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.5.4-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:4.5.4-1+3
NVDphpmyadmin/phpmyadmin27 versions+26
NVDopensuse/leap42.1
NVDopensuse/opensuse13.1, 13.2+1

Also affects: Fedora 22, 23

Patches

Patch: www.phpmyadmin.netPatch: github.comPatch: www.phpmyadmin.net

🔴Vulnerability Details

2
GHSA
GHSA-f8wg-85r4-g3g3: Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization2022-05-14
OSV
CVE-2016-2043: Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization2016-02-20

📋Vendor Advisories

1
Debian
CVE-2016-2043: phpmyadmin - Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/nor...2016

💬Community

3
Bugzilla
CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7)2016-01-28
Bugzilla
CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [fedora-all]2016-01-28
Bugzilla
CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [epel-all]2016-01-28