QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5705

Published: Jul 3, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f

x_refsource_CONFIRM

https://www.phpmyadmin.net/security/PMASA-2016-21/

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

openSUSE-SU-2016:1700

vendor-advisory

x_refsource_SUSE

https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98

x_refsource_CONFIRM

https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc

x_refsource_CONFIRM

https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

openSUSE-SU-2016:1699

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.