CVE-2016-2560

Priority
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow
remote attackers to inject arbitrary web script or HTML via (1) a crafted
Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON
data, related to file_echo.php; (3) a crafted SQL query, related to
js/functions.js; (4) the initial parameter to
libraries/server_privileges.lib.php in the user accounts page; or (5) the
it parameter to libraries/controllers/TableSearchController.class.php in
the zoom search page.
Notes
Package
Upstream: released (4:4.5.5.1-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (4:4.6.0-2)
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): not-affected (4:4.6.0-2)
More Information

Updated: 2020-04-24 03:27:48 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)