Candidate: CVE-2016-6608
PublicDate: 2016-12-11 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608
 http://www.phpmyadmin.net/security/PMASA-2016-31/
Description:
 XSS issues were discovered in phpMyAdmin. This affects the database
 privilege check and the "Remove partitioning" functionality. Specially
 crafted database names can trigger the XSS attack. All 4.6.x versions
 (prior to 4.6.4) are affected.
Ubuntu-Description:
Notes:
 ratliff> introduced in 4.6.0alpha
 ratliff> https://github.com/phpmyadmin/phpmyadmin/commit/afc8aab04f7c09ea44b04806b426522e5ca830ee
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:4.6.4+dfsg1-1)
precise_phpmyadmin: not-affected
trusty_phpmyadmin: not-affected
trusty/esm_phpmyadmin: not-affected
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: not-affected
devel_phpmyadmin: not-affected