← back
CVE-2016-5731

CVE-2016-5731

EPSS 1.8%
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.htmlhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00114.htmlhttps://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48chttps://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94abhttps://security.gentoo.org/glsa/201701-32https://www.phpmyadmin.net/security/PMASA-2016-24/http://www.debian.org/security/2016/dsa-3627