CVE-2016-5099

medium

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

References

http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html

http://www.debian.org/security/2016/dsa-3627

http://www.securityfocus.com/bid/90877

http://www.securitytracker.com/id/1035979

https://github.com/phpmyadmin/phpmyadmin/commit/b061096abd992801fbbd805ef6ff74e627528780

https://security.gentoo.org/glsa/201701-32

https://www.phpmyadmin.net/security/PMASA-2016-16

Details

Source: MITRE

Published: 2016-07-05

Updated: 2018-10-30

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM