QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2016-5733

Back to search

CVE-2016-5733

Published: Jul 3, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.

VendorProductVersions

n/a

n/a

affected
n/a

References

openSUSE-SU-2016:1700
vendor-advisory
x_refsource_SUSE
DSA-3627
vendor-advisory
x_refsource_DEBIAN
91390
vdb-entry
x_refsource_BID
GLSA-201701-32
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2016:1699
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now