CVE-2016-5731

MEDIUM6.1EPSS 0.42%

phpmyadmin - security update

Published: 5/14/2022Modified: 5/7/2026

Description

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

Affected packages (3)

Debian/phpmyadminfrom 0, < 4:4.6.3-1
Debian/phpmyadminfrom 0, < 4:3.4.11.1-2+deb7u5
Packagist/phpmyadmin/phpmyadmin>= 4.0, < 4.0.10.16

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (14)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-5731
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-5731
PATCHhttps://github.com/phpmyadmin/composer
WEBhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
WEBhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/52e7898
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/5fefa51
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/78f6c54
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/d005ba6
WEBhttps://security.gentoo.org/glsa/201701-32
WEBhttps://www.phpmyadmin.net/security/PMASA-2016-24
WEBhttp://www.debian.org/security/2016/dsa-3627