- CVEs with nessus.description==Phpmyadmin, a web administration tool for MySQL, had several Cross Site Scripting (XSS) vulnerabilities reported.
CVE-2016-5731
With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script.
CVE-2016-5733
Several XSS vulnerabilities were found with the Transformation feature. Also a vulnerability was reported allowing a specifically-configured MySQL server to execute an XSS attack. This particular attack requires configuring the MySQL server log_bin directive with the payload.
CVE-2016-5739
A vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token.
This could be used to direct a CSRF attack against a user.
For Debian 7 'Wheezy', these problems have been fixed in version 4:3.4.11.1-2+deb7u5.
We recommend that you upgrade your phpmyadmin packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |