Description

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.

Remediation

References

CVE-2016-9862

Related Vulnerabilities

WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.5)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-9585)

SharePoint CVE-2023-33142 Vulnerability (CVE-2023-33142)

WordPress Plugin Notification-Custom Notifications and Alerts for WordPress Cross-Site Scripting (7.2.4)

Severity

High

Classification

CVE-2016-9862 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities