5.4

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version4.4.0
PhpmyadminPhpmyadmin Version4.4.1
PhpmyadminPhpmyadmin Version4.4.1.1
PhpmyadminPhpmyadmin Version4.4.2
PhpmyadminPhpmyadmin Version4.4.3
PhpmyadminPhpmyadmin Version4.4.4
PhpmyadminPhpmyadmin Version4.4.5
PhpmyadminPhpmyadmin Version4.4.6
PhpmyadminPhpmyadmin Version4.4.6.1
PhpmyadminPhpmyadmin Version4.4.7
PhpmyadminPhpmyadmin Version4.4.8
PhpmyadminPhpmyadmin Version4.4.9
PhpmyadminPhpmyadmin Version4.4.10
PhpmyadminPhpmyadmin Version4.4.11
PhpmyadminPhpmyadmin Version4.4.12
PhpmyadminPhpmyadmin Version4.4.13
PhpmyadminPhpmyadmin Version4.4.13.1
PhpmyadminPhpmyadmin Version4.4.14
PhpmyadminPhpmyadmin Version4.4.14.1
PhpmyadminPhpmyadmin Version4.4.15
PhpmyadminPhpmyadmin Version4.4.15.1
PhpmyadminPhpmyadmin Version4.4.15.2
PhpmyadminPhpmyadmin Version4.4.15.3
PhpmyadminPhpmyadmin Version4.4.15.4
PhpmyadminPhpmyadmin Version4.5.0
PhpmyadminPhpmyadmin Version4.5.0 Updatebeta1
PhpmyadminPhpmyadmin Version4.5.0 Updatebeta2
PhpmyadminPhpmyadmin Version4.5.0 Updaterc1
PhpmyadminPhpmyadmin Version4.5.0.1
PhpmyadminPhpmyadmin Version4.5.0.2
PhpmyadminPhpmyadmin Version4.5.1
PhpmyadminPhpmyadmin Version4.5.2
PhpmyadminPhpmyadmin Version4.5.3
PhpmyadminPhpmyadmin Version4.5.3.1
PhpmyadminPhpmyadmin Version4.5.4
PhpmyadminPhpmyadmin Version4.5.4.1
PhpmyadminPhpmyadmin Version4.5.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.47% 0.824
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.3 2.7
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.debian.org/security/2016/dsa-3627
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
Patch
https://www.phpmyadmin.net/security/PMASA-2016-12/
Patch
Vendor Advisory