CVE-2016-6615

Name	CVE-2016-6615
Description	XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1415-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
phpmyadmin (PTS)	bullseye	4:5.0.4+dfsg2-2+deb11u1	fixed
	bookworm	4:5.2.1+dfsg-1	fixed
	sid, trixie	4:5.2.2-really5.2.2+20241228+dfsg-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
phpmyadmin	source	wheezy	(not affected)
phpmyadmin	source	jessie	4:4.2.12-2+deb8u3	DLA-1415-1
phpmyadmin	source	(unstable)	4:4.6.4+dfsg1-1

[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
https://www.phpmyadmin.net/security/PMASA-2016-38/