CVE-2016-2561

EUVD-2016-3636
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
phpmyadminphpmyadmin
4.4.0
phpmyadminphpmyadmin
4.4.1
phpmyadminphpmyadmin
4.4.1.1
phpmyadminphpmyadmin
4.4.2
phpmyadminphpmyadmin
4.4.3
phpmyadminphpmyadmin
4.4.4
phpmyadminphpmyadmin
4.4.5
phpmyadminphpmyadmin
4.4.6
phpmyadminphpmyadmin
4.4.6.1
phpmyadminphpmyadmin
4.4.7
phpmyadminphpmyadmin
4.4.8
phpmyadminphpmyadmin
4.4.9
phpmyadminphpmyadmin
4.4.10
phpmyadminphpmyadmin
4.4.11
phpmyadminphpmyadmin
4.4.12
phpmyadminphpmyadmin
4.4.13
phpmyadminphpmyadmin
4.4.13.1
phpmyadminphpmyadmin
4.4.14
phpmyadminphpmyadmin
4.4.14.1
phpmyadminphpmyadmin
4.4.15
phpmyadminphpmyadmin
4.4.15.1
phpmyadminphpmyadmin
4.4.15.2
phpmyadminphpmyadmin
4.4.15.3
phpmyadminphpmyadmin
4.4.15.4
phpmyadminphpmyadmin
4.5.0
phpmyadminphpmyadmin
4.5.0:beta1
phpmyadminphpmyadmin
4.5.0:beta2
phpmyadminphpmyadmin
4.5.0:rc1
phpmyadminphpmyadmin
4.5.0.1
phpmyadminphpmyadmin
4.5.0.2
phpmyadminphpmyadmin
4.5.1
phpmyadminphpmyadmin
4.5.2
phpmyadminphpmyadmin
4.5.3
phpmyadminphpmyadmin
4.5.3.1
phpmyadminphpmyadmin
4.5.4
phpmyadminphpmyadmin
4.5.4.1
phpmyadminphpmyadmin
4.5.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bookworm
4:5.2.1+dfsg-1
fixed
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
dne
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
precise
ignored
trusty
needed
wily
ignored
xenial
needed
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html
http://www.debian.org/security/2016/dsa-3627
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
https://www.phpmyadmin.net/security/PMASA-2016-12/
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html
http://www.debian.org/security/2016/dsa-3627
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
https://www.phpmyadmin.net/security/PMASA-2016-12/