CVE-2016-5731 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting9 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 37.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin Opensuse Leap +1 more

Timeline

PublishedJul 3

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.6.3-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.0 — 4.0.10.16+2

▶Debianphpmyadmin/phpmyadmin< 4:4.6.3-1+3

▶NVDphpmyadmin/phpmyadmin56 versions+55

▶NVDopensuse/leap42.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

OSV

phpMyAdmin Cross-site scripting (XSS) vulnerability↗2022-05-14

▶

GHSA

phpMyAdmin Cross-site scripting (XSS) vulnerability↗2022-05-14

▶

OSV

CVE-2016-5731: Cross-site scripting (XSS) vulnerability in examples/openid↗2016-07-03

▶

📋Vendor Advisories

Debian

CVE-2016-5731: phpmyadmin - Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4....↗2016

▶

💬Community

Bugzilla

CVE-2016-5701 CVE-2016-5702 CVE-2016-5703 CVE-2016-5704 CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731 CVE-2016-5732 CVE-2016-5733 CVE-2016-5734 CVE-2016-5739 phpMyAdmin: 4.6.3, 4.4.15.7 and ↗2016-06-23

▶

Bugzilla

▶

Bugzilla

▶

Bugzilla

▶