CVE-2016-2561

Priority
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x
before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users
to inject arbitrary web script or HTML via (1) normalization.php or (2)
js/normalization.js in the database normalization page, (3)
templates/database/structure/sortable_header.phtml in the database
structure page, or (4) the pos parameter to db_central_columns.php in the
central columns page.
Notes
Package
Upstream:released (4:4.5.5.1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4:4.6.0-2)
Ubuntu 19.04 (Disco Dingo):not-affected (4:4.6.0-2)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):not-affected (4:4.6.0-2)
More Information

Updated: 2019-12-11 06:14:33 UTC (commit 0faf5fc8751871109f865711f0c277151ab57e18)