Lucene search

MitreCVE-2016-2559

HistoryMar 01, 2016 - 11:59 a.m.

CVE-2016-2559

2016-03-0111:59:00

CWE-79

mitre

web.nvd.nist.gov

cve

2016

2559

cross-site scripting

xss

sql parser

phpmyadmin

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch4.5.0

phpmyadminphpmyadminMatch4.5.0beta1

phpmyadminphpmyadminMatch4.5.0beta2

phpmyadminphpmyadminMatch4.5.0rc1

phpmyadminphpmyadminMatch4.5.0.1

phpmyadminphpmyadminMatch4.5.0.2

phpmyadminphpmyadminMatch4.5.1

phpmyadminphpmyadminMatch4.5.2

phpmyadminphpmyadminMatch4.5.3

phpmyadminphpmyadminMatch4.5.3.1

phpmyadminphpmyadminMatch4.5.4

phpmyadminphpmyadminMatch4.5.4.1

phpmyadminphpmyadminMatch4.5.5

VendorProductVersionCPE
phpmyadminphpmyadmin4.5.0cpe:/a:phpmyadmin:phpmyadmin:4.5.0:::
phpmyadminphpmyadmin4.5.0cpe:/a:phpmyadmin:phpmyadmin:4.5.0:beta2::
phpmyadminphpmyadmin4.5.1cpe:/a:phpmyadmin:phpmyadmin:4.5.1:::
phpmyadminphpmyadmin4.5.0.1cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1:::
phpmyadminphpmyadmin4.5.0.2cpe:/a:phpmyadmin:phpmyadmin:4.5.0.2:::
phpmyadminphpmyadmin4.5.5cpe:/a:phpmyadmin:phpmyadmin:4.5.5:::
phpmyadminphpmyadmin4.5.4cpe:/a:phpmyadmin:phpmyadmin:4.5.4:::
phpmyadminphpmyadmin4.5.3cpe:/a:phpmyadmin:phpmyadmin:4.5.3:::
phpmyadminphpmyadmin4.5.0cpe:/a:phpmyadmin:phpmyadmin:4.5.0:beta1::
phpmyadminphpmyadmin4.5.2cpe:/a:phpmyadmin:phpmyadmin:4.5.2:::

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	4.5.0	cpe:/a:phpmyadmin:phpmyadmin:4.5.0:::
phpmyadmin	phpmyadmin	4.5.0	cpe:/a:phpmyadmin:phpmyadmin:4.5.0:beta2::
phpmyadmin	phpmyadmin	4.5.1	cpe:/a:phpmyadmin:phpmyadmin:4.5.1:::
phpmyadmin	phpmyadmin	4.5.0.1	cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1:::
phpmyadmin	phpmyadmin	4.5.0.2	cpe:/a:phpmyadmin:phpmyadmin:4.5.0.2:::
phpmyadmin	phpmyadmin	4.5.5	cpe:/a:phpmyadmin:phpmyadmin:4.5.5:::
phpmyadmin	phpmyadmin	4.5.4	cpe:/a:phpmyadmin:phpmyadmin:4.5.4:::
phpmyadmin	phpmyadmin	4.5.3	cpe:/a:phpmyadmin:phpmyadmin:4.5.3:::
phpmyadmin	phpmyadmin	4.5.0	cpe:/a:phpmyadmin:phpmyadmin:4.5.0:beta1::
phpmyadmin	phpmyadmin	4.5.2	cpe:/a:phpmyadmin:phpmyadmin:4.5.2:::