CVE-2016-5732 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting9 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 54.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJul 3

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.6.3-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.6.0 — 4.6.3

▶Debianphpmyadmin/phpmyadmin< 4:4.6.3-1+3

▶NVDphpmyadmin/phpmyadmin4.6.0, 4.6.1, 4.6.2+2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin XSS Vulnerability↗2022-05-17

▶

OSV

phpMyAdmin XSS Vulnerability↗2022-05-17

▶

OSV

CVE-2016-5732: Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions↗2016-07-03

▶

📋Vendor Advisories

Debian

CVE-2016-5732: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in the partition-range imple...↗2016

▶

💬Community

Bugzilla

CVE-2016-5701 CVE-2016-5702 CVE-2016-5703 CVE-2016-5704 CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731 CVE-2016-5732 CVE-2016-5733 CVE-2016-5734 CVE-2016-5739 phpMyAdmin: 4.6.3, 4.4.15.7 and ↗2016-06-23

▶

Bugzilla

▶

Bugzilla

▶

Bugzilla

▶