CVE-2016-2559: Cross-site Scripting in phpMyAdmin

CWE-79: Cross-site Scripting | 14 documents | 5 sources
Severity: 6.1 MEDIUM (NVD)
NVD 5.4 GHSA 5.4 OSV 5.4
EPSS: 0.3% (top 48.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 11
Latest update: May 17

Description

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (4 packages)

debian | debian/phpmyadmin | < phpmyadmin 4:4.6.5.1-1 (bookworm) | +1
Packagist | phpmyadmin/phpmyadmin | 4.6 | 4.6.5 | +3
Debian | phpmyadmin/phpmyadmin | < 4:4.6.5.1-1 | +7
NVD | phpmyadmin/phpmyadmin | 73 versions | +72

Patches

🔴 Vulnerability Details (6)

GHSA: phpMyAdmin XSS Vulnerability (2022-05-17)
OSV: phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser (2022-05-17)
OSV: phpMyAdmin XSS Vulnerability (2022-05-17)
GHSA: phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser (2022-05-17)
OSV: CVE-2016-9856: An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10 (2016-12-11)

📋 Vendor Advisories (2)

Debian: CVE-2016-9856: phpmyadmin - An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-201... (2016)
Debian: CVE-2016-2559: phpmyadmin - Cross-site scripting (XSS) vulnerability in the format function in libraries/sql... (2016)

💬 Community (4)

Bugzilla: CVE-2016-2559 CVE-2016-2562 phpmyadmin: various flaws [epel-all] (2016-03-02)
Bugzilla: CVE-2016-2559 phpMyAdmin: XSS vulnerability in SQL parser (PMASA-2016-10) (2016-03-02)
Bugzilla: CVE-2016-2559 CVE-2016-2562 phpmyadmin4: various flaws [epel-5] (2016-03-02)
Bugzilla: CVE-2016-2559 CVE-2016-2562 phpmyadmin: various flaws [fedora-all] (2016-03-02)