Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.

Published

2016-03-01T11:59:03.533

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phpmyadmin	phpmyadmin	4.4.0	Yes
Application	phpmyadmin	phpmyadmin	4.4.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.1.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.2	Yes
Application	phpmyadmin	phpmyadmin	4.4.3	Yes
Application	phpmyadmin	phpmyadmin	4.4.4	Yes
Application	phpmyadmin	phpmyadmin	4.4.5	Yes
Application	phpmyadmin	phpmyadmin	4.4.6	Yes
Application	phpmyadmin	phpmyadmin	4.4.6.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.7	Yes
Application	phpmyadmin	phpmyadmin	4.4.8	Yes
Application	phpmyadmin	phpmyadmin	4.4.9	Yes
Application	phpmyadmin	phpmyadmin	4.4.10	Yes
Application	phpmyadmin	phpmyadmin	4.4.11	Yes
Application	phpmyadmin	phpmyadmin	4.4.12	Yes
Application	phpmyadmin	phpmyadmin	4.4.13	Yes
Application	phpmyadmin	phpmyadmin	4.4.13.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.14	Yes
Application	phpmyadmin	phpmyadmin	4.4.14.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.15	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.2	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.3	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.4	Yes
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.0.2	Yes
Application	phpmyadmin	phpmyadmin	4.5.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.2	Yes
Application	phpmyadmin	phpmyadmin	4.5.3	Yes
Application	phpmyadmin	phpmyadmin	4.5.3.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.4	Yes
Application	phpmyadmin	phpmyadmin	4.5.4.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.5	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html ([email protected])
http://www.debian.org/security/2016/dsa-3627 ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e Patch ([email protected])
https://www.phpmyadmin.net/security/PMASA-2016-12/ Patch, Vendor Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3627 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.phpmyadmin.net/security/PMASA-2016-12/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)