Description

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.

Remediation

References

CVE-2016-6608

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2005-3444)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail HTML Injection (2.9.0.3)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4400)

Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626)

WordPress Plugin WP iCommerce-the first interactive ecommerce for wordpress SQL Injection (1.1.1)

Severity

Medium

Classification

CVE-2016-6608 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities