Description

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

Remediation

References

CVE-2016-2043

Related Vulnerabilities

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9048)

Telerik Web UI Inadequate Encryption Strength Vulnerability (CVE-2017-11317)

WordPress Plugin Shariff Wrapper Local File Inclusion (4.6.13)

TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-14251)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2190)

Severity

Medium

Classification

CVE-2016-2043 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities