FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-2560

This CVE name corresponds to:

Entered Topic
2016-03-01 phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2016-2560 at cve.mitre.org

Details

Type Candidate
Name CVE-2016-2560
Phase Assigned(20160225)

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.

References

Source Reference
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f
CONFIRM https://www.phpmyadmin.net/security/PMASA-2016-11/

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.