CVE-2016-5731

NameCVE-2016-5731
DescriptionCross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-551-1, DSA-3627-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
phpmyadmin (PTS)wheezy4:3.4.11.1-2+deb7u2vulnerable
wheezy (security)4:3.4.11.1-2+deb7u8fixed
jessie (security), jessie4:4.2.12-2+deb8u2fixed
stretch4:4.6.6-4fixed
buster, sid4:4.6.6-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
phpmyadminsource(unstable)4:4.6.3-1low
phpmyadminsourcejessie4:4.2.12-2+deb8u2mediumDSA-3627-1
phpmyadminsourcewheezy4:3.4.11.1-2+deb7u5mediumDLA-551-1

Search for package or bug name: Reporting problems