6.1

CVE-2016-5705

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLeap Version42.1
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
PhpmyadminPhpmyadmin Version4.6.0
PhpmyadminPhpmyadmin Version4.6.0 Updatealpha1
PhpmyadminPhpmyadmin Version4.6.0 Updaterc1
PhpmyadminPhpmyadmin Version4.6.0 Updaterc2
PhpmyadminPhpmyadmin Version4.6.1
PhpmyadminPhpmyadmin Version4.6.2
PhpmyadminPhpmyadmin Version4.4.0
PhpmyadminPhpmyadmin Version4.4.1
PhpmyadminPhpmyadmin Version4.4.1.1
PhpmyadminPhpmyadmin Version4.4.2
PhpmyadminPhpmyadmin Version4.4.3
PhpmyadminPhpmyadmin Version4.4.4
PhpmyadminPhpmyadmin Version4.4.5
PhpmyadminPhpmyadmin Version4.4.6
PhpmyadminPhpmyadmin Version4.4.6.1
PhpmyadminPhpmyadmin Version4.4.7
PhpmyadminPhpmyadmin Version4.4.8
PhpmyadminPhpmyadmin Version4.4.9
PhpmyadminPhpmyadmin Version4.4.10
PhpmyadminPhpmyadmin Version4.4.11
PhpmyadminPhpmyadmin Version4.4.12
PhpmyadminPhpmyadmin Version4.4.13
PhpmyadminPhpmyadmin Version4.4.13.1
PhpmyadminPhpmyadmin Version4.4.14.1
PhpmyadminPhpmyadmin Version4.4.15
PhpmyadminPhpmyadmin Version4.4.15.1
PhpmyadminPhpmyadmin Version4.4.15.2
PhpmyadminPhpmyadmin Version4.4.15.3
PhpmyadminPhpmyadmin Version4.4.15.4
PhpmyadminPhpmyadmin Version4.4.15.5
PhpmyadminPhpmyadmin Version4.4.15.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.32% 0.671
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.debian.org/security/2016/dsa-3627
http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
https://security.gentoo.org/glsa/201701-32
http://www.securityfocus.com/bid/91378
https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a
Patch
https://www.phpmyadmin.net/security/PMASA-2016-21/
Patch
Vendor Advisory