GHSA-mwm8-36c5-j5cf

Source

https://github.com/advisories/GHSA-mwm8-36c5-j5cf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mwm8-36c5-j5cf/GHSA-mwm8-36c5-j5cf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mwm8-36c5-j5cf

Aliases

CVE-2016-5731

Published

2022-05-14T02:08:58Z

Modified

2024-04-24T17:57:35.769035Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

phpMyAdmin Cross-site scripting (XSS) vulnerability

Details

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

Database specific

{
    "nvd_published_at": "2016-07-03T01:59:00Z",
    "github_reviewed_at": "2024-04-24T17:16:28Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0

Fixed

4.0.10.16

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.4.1

4.0.4.2

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.10.1

4.0.10.2

4.0.10.3

4.0.10.4

4.0.10.5

4.0.10.6

4.0.10.7

4.0.10.8

4.0.10.9

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4

Fixed

4.4.15.7

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6

Fixed

4.6.3