Detections
Analytics

CVE-2016-5099

medium

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

References

https://www.phpmyadmin.net/security/PMASA-2016-16

https://security.gentoo.org/glsa/201701-32

https://github.com/phpmyadmin/phpmyadmin/commit/b061096abd992801fbbd805ef6ff74e627528780

http://www.securitytracker.com/id/1035979

http://www.securityfocus.com/bid/90877

http://www.debian.org/security/2016/dsa-3627

http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html

Details

Source: Mitre, NVD

Published: 2016-07-05

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00423