Candidate: CVE-2016-2040
PublicDate: 2016-02-20 01:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040
 https://www.phpmyadmin.net/security/PMASA-2016-3/
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
 before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow
 remote authenticated users to inject arbitrary web script or HTML via a
 (1) table name, (2) SET value, (3) search query, or (4) hostname in a
 Location header.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [5.4 MEDIUM]

Patches_phpmyadmin:
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/9f3488fc3ab6b83618dbb4bebbea4b973764e2ac (4.0)
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/0ce4fd2750491a54d27f94cc1403f9da21738aa6 (4.0)
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/27eb98faedcdcd0b856577fcbdfe3e87b2445345 (4.0)
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/2b3f915f72bfe7eb9ae60a69582f041ddc55f663 (4.4)
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/75de41635d387e1c3c8d71a746241502a90c8422 (4.4)
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/1414d60cbfe01a2d08ab9d5e6a7178a6323fca68 (4.4)
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc (4.5)
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418 (4.5)
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2 (4.5)
upstream_phpmyadmin: released (4:4.5.4-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid_phpmyadmin: ignored (reached end-of-life)
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
wily_phpmyadmin: ignored (reached end-of-life)
xenial_phpmyadmin: not-affected (4:4.5.4-1)
yakkety_phpmyadmin: not-affected (4:4.5.4-1)
zesty_phpmyadmin: not-affected (4:4.5.4-1)
artful_phpmyadmin: not-affected (4:4.5.4-1)
bionic_phpmyadmin: not-affected (4:4.5.4-1)
cosmic_phpmyadmin: not-affected (4:4.5.4-1)
disco_phpmyadmin: not-affected (4:4.5.4-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.5.4-1)
groovy_phpmyadmin: not-affected (4:4.5.4-1)
hirsute_phpmyadmin: not-affected (4:4.5.4-1)
impish_phpmyadmin: not-affected (4:4.5.4-1)
jammy_phpmyadmin: not-affected (4:4.5.4-1)
devel_phpmyadmin: not-affected (4:4.5.4-1)