Candidate: CVE-2016-5731
PublicDate: 2016-07-03 01:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731
 https://www.phpmyadmin.net/security/PMASA-2016-24/
Description:
 Cross-site scripting (XSS) vulnerability in examples/openid.php in
 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before
 4.6.3 allows remote attackers to inject arbitrary web script or HTML via
 vectors involving an OpenID error message.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:4.6.3-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
wily_phpmyadmin: ignored (reached end-of-life)
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.3-1)
zesty_phpmyadmin: not-affected (4:4.6.3-1)
artful_phpmyadmin: not-affected (4:4.6.3-1)
bionic_phpmyadmin: not-affected (4:4.6.3-1)
cosmic_phpmyadmin: not-affected (4:4.6.3-1)
disco_phpmyadmin: not-affected (4:4.6.3-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.3-1)
groovy_phpmyadmin: not-affected (4:4.6.3-1)
hirsute_phpmyadmin: not-affected (4:4.6.3-1)
impish_phpmyadmin: not-affected (4:4.6.3-1)
jammy_phpmyadmin: not-affected (4:4.6.3-1)
devel_phpmyadmin: not-affected (4:4.6.3-1)