Description

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

Remediation

References

CVE-2016-2043

Related Vulnerabilities

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43722)

WordPress Plugin BP GTM System Cross-Site Scripting (1.9.5)

WordPress Plugin Relevanssi-A Better Search 'Seach Query' Field HTML Injection (2.7.2)

Liferay DXP Missing Critical Step in Authentication Vulnerability (CVE-2025-43798)

WordPress Plugin Captchinoo, Google recaptcha for admin login page Cross-Site Request Forgery (2.4)

Severity

Medium

Classification

CVE-2016-2043 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities