NVD

Id
18347  
Name
CVE-2016-2040  
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-02-19  
Modified Date
2016-11-28  
Seq
2016-2040  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
101520 18347 CVE-2016-2040 FEDORA-2016-e1fe01e96e  View
101521 18347 CVE-2016-2040 FEDORA-2016-e55278763e  View
101522 18347 CVE-2016-2040 openSUSE-SU-2016:0357  View
101523 18347 CVE-2016-2040 openSUSE-SU-2016:0378  View
101524 18347 CVE-2016-2040 DSA-3627  View
101525 18347 CVE-2016-2040 http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php  View
101526 18347 CVE-2016-2040 https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc  View
101527 18347 CVE-2016-2040 https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2  View
101528 18347 CVE-2016-2040 https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
712 JVNDB-2016-001485 phpMyAdmin におけるクロスサイトスクリプティングの脆弱性 phpMyAdmin には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2016-2040 88546 CVE-2016-2040 18347 3.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001485.html 2016-01-24 2016-02-25 View