CVE-2016-2559
01.03.2016, 11:59
Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
| Vendor | Product | Version |
|---|---|---|
| phpmyadmin | phpmyadmin | 4.5.0 |
| phpmyadmin | phpmyadmin | 4.5.0:beta1 |
| phpmyadmin | phpmyadmin | 4.5.0:beta2 |
| phpmyadmin | phpmyadmin | 4.5.0:rc1 |
| phpmyadmin | phpmyadmin | 4.5.0.1 |
| phpmyadmin | phpmyadmin | 4.5.0.2 |
| phpmyadmin | phpmyadmin | 4.5.1 |
| phpmyadmin | phpmyadmin | 4.5.2 |
| phpmyadmin | phpmyadmin | 4.5.3 |
| phpmyadmin | phpmyadmin | 4.5.3.1 |
| phpmyadmin | phpmyadmin | 4.5.4 |
| phpmyadmin | phpmyadmin | 4.5.4.1 |
| phpmyadmin | phpmyadmin | 4.5.5 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| phpmyadmin |
|
References