CVE-2016-5731
MEDIUM6.1EPSS 0.42%phpMyAdmin Cross-site scripting (XSS) vulnerability
發布日:2022/5/14修改日:2026/5/7
描述
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.
受影響套件(3)
- Debian/phpmyadminfrom 0, < 4:4.6.3-1
- Debian/phpmyadminfrom 0, < 4:3.4.11.1-2+deb7u5
- Packagist/phpmyadmin/phpmyadmin>= 4.0, < 4.0.10.16
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(14)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-5731
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-5731
- PATCHhttps://github.com/phpmyadmin/composer
- WEBhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
- WEBhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
- WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c
- WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/52e7898
- WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/5fefa51
- WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/78f6c54
- WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab
- WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/d005ba6
- WEBhttps://security.gentoo.org/glsa/201701-32
- WEBhttps://www.phpmyadmin.net/security/PMASA-2016-24
- WEBhttp://www.debian.org/security/2016/dsa-3627