Candidate: CVE-2016-5099
PublicDate: 2016-07-05 01:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099
 https://www.phpmyadmin.net/security/PMASA-2016-16/
Description:
 Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before
 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary
 web script or HTML via special characters that are mishandled during double
 URL decoding.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:4.6.2-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needs-triage)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
wily_phpmyadmin: ignored (reached end-of-life)
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.2-1)
zesty_phpmyadmin: not-affected (4:4.6.2-1)
artful_phpmyadmin: not-affected (4:4.6.2-1)
bionic_phpmyadmin: not-affected (4:4.6.2-1)
cosmic_phpmyadmin: not-affected (4:4.6.2-1)
disco_phpmyadmin: not-affected (4:4.6.2-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.2-1)
groovy_phpmyadmin: not-affected (4:4.6.2-1)
hirsute_phpmyadmin: not-affected (4:4.6.2-1)
impish_phpmyadmin: not-affected (4:4.6.2-1)
jammy_phpmyadmin: not-affected (4:4.6.2-1)
devel_phpmyadmin: not-affected (4:4.6.2-1)