CVE-2016-2560Cross-site Scripting in Phpmyadmin

CWE-79Cross-site Scripting9 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
1.3%
top 19.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedMar 1
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libr

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.5.5.1-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:4.5.5.1-1+3
NVDphpmyadmin/phpmyadmin61 versions+60

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-fffr-hwf6-2q7v: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 42022-05-17
OSV
CVE-2016-2560: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 42016-03-01

📋Vendor Advisories

1
Debian
CVE-2016-2560: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4...2016

💬Community

5
Bugzilla
CVE-2016-5322 libtiff: Out-of-bounds read in extractContigSamplesBytes() function2016-06-15
Bugzilla
CVE-2016-2560 CVE-2016-2561 phpmyadmin: various flaws [epel-all]2016-03-01
Bugzilla
CVE-2016-2560 phpMyAdmin: multiple XSS vulnerabilities (PMASA-2016-11)2016-03-01
Bugzilla
CVE-2016-2560 CVE-2016-2561 phpmyadmin4: various flaws [epel-5]2016-03-01
Bugzilla
CVE-2016-2560 CVE-2016-2561 phpmyadmin: various flaws [fedora-all]2016-03-01