Description

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

Remediation

References

CVE-2016-2043

Related Vulnerabilities

WordPress Plugin Venture Event Manager Cross-Site Scripting (3.2.4)

PrestaShop Improper Privilege Management Vulnerability (CVE-2023-43664)

MediaWiki Improper Authentication Vulnerability (CVE-2011-1766)

WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (2.4.2)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5314)

Severity

Medium

Classification

CVE-2016-2043 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities