Lucene search

[email protected]CVE-2016-5705

HistoryJul 03, 2016 - 1:59 a.m.

CVE-2016-5705

2016-07-0301:59:17

CWE-79

[email protected]

web.nvd.nist.gov

cve-2016-5705

cross-site scripting

xss

phpmyadmin

remote attackers

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an “invalid JSON” error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.

Affected configurations

NVD

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

phpmyadminphpmyadminMatch4.6.0

phpmyadminphpmyadminMatch4.6.0alpha1

phpmyadminphpmyadminMatch4.6.0rc1

phpmyadminphpmyadminMatch4.6.0rc2

phpmyadminphpmyadminMatch4.6.1

phpmyadminphpmyadminMatch4.6.2

Node

phpmyadminphpmyadminMatch4.4.0

phpmyadminphpmyadminMatch4.4.1

phpmyadminphpmyadminMatch4.4.1.1

phpmyadminphpmyadminMatch4.4.2

phpmyadminphpmyadminMatch4.4.3

phpmyadminphpmyadminMatch4.4.4

phpmyadminphpmyadminMatch4.4.5

phpmyadminphpmyadminMatch4.4.6

phpmyadminphpmyadminMatch4.4.6.1

phpmyadminphpmyadminMatch4.4.7

phpmyadminphpmyadminMatch4.4.8

phpmyadminphpmyadminMatch4.4.9

phpmyadminphpmyadminMatch4.4.10

phpmyadminphpmyadminMatch4.4.11

phpmyadminphpmyadminMatch4.4.12

phpmyadminphpmyadminMatch4.4.13

phpmyadminphpmyadminMatch4.4.13.1

phpmyadminphpmyadminMatch4.4.14.1

phpmyadminphpmyadminMatch4.4.15

phpmyadminphpmyadminMatch4.4.15.1

phpmyadminphpmyadminMatch4.4.15.2

phpmyadminphpmyadminMatch4.4.15.3

phpmyadminphpmyadminMatch4.4.15.4

phpmyadminphpmyadminMatch4.4.15.5

phpmyadminphpmyadminMatch4.4.15.6

CPENameOperatorVersion
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.opensuse.org/opensuse-updates/2016-06/msg00113.html

lists.opensuse.org/opensuse-updates/2016-06/msg00114.html

www.debian.org/security/2016/dsa-3627

www.securityfocus.com/bid/91378

github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8

github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc

github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98

github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f

github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a

security.gentoo.org/glsa/201701-32

www.phpmyadmin.net/security/PMASA-2016-21/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2016-5705

debiancve1 prion1 cvelist1 phpmyadmin1 ubuntucve1 nvd1 mageia1 openvas8 nessus7 fedora3 freebsd1 archlinux1 debian1 osv1 gentoo1