Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-5732)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.

Remediation

References

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2021-26036)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37914)

WordPress Improper Input Validation Vulnerability (CVE-2014-9038)

MySQL CVE-2020-14793 Vulnerability (CVE-2020-14793)

WordPress 3.8.x Arbitrary File Deletion Vulnerability (3.8 - 3.8.26)

Severity

Medium

Classification

CVE-2016-5732 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities