FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-2561

This CVE name corresponds to:

Entered Topic
2016-03-01 phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2016-2561 at cve.mitre.org

Details

Type Candidate
Name CVE-2016-2561
Phase Assigned(20160225)

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.

References

Source Reference
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
CONFIRM https://www.phpmyadmin.net/security/PMASA-2016-12/

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.