CVE-2016-5099 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting8 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 34.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin Opensuse

Timeline

PublishedJul 5

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.6.2-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.6.2-1+3

▶NVDphpmyadmin/phpmyadmin26 versions+25

▶NVDopensuse/opensuse13.1

Patches

Patch: github.com ↗Patch: www.phpmyadmin.net ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-97x5-mp4j-qrgq: Cross-site scripting (XSS) vulnerability in phpMyAdmin 4↗2022-05-14

▶

OSV

CVE-2016-5099: Cross-site scripting (XSS) vulnerability in phpMyAdmin 4↗2016-07-05

▶

📋Vendor Advisories

Debian

CVE-2016-5099: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and...↗2016

▶

💬Community

Bugzilla

CVE-2016-5097 CVE-2016-5098 CVE-2016-5099 phpmyadmin4: phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14) [epel-5]↗2016-05-26

▶

Bugzilla

CVE-2016-5097 CVE-2016-5098 CVE-2016-5099 phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14) [fedora-all]↗2016-05-26

▶

Bugzilla

CVE-2016-5097 CVE-2016-5098 CVE-2016-5099 phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14)↗2016-05-26

▶

Bugzilla

CVE-2016-5097 CVE-2016-5098 CVE-2016-5099 phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14) [epel-all]↗2016-05-26

▶