Description

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

Remediation

References

CVE-2016-2045

Related Vulnerabilities

Ruby Inadequate Encryption Strength Vulnerability (CVE-2021-32066)

WordPress Plugin CMS Tree Page View Cross-Site Request Forgery (1.2.4)

WordPress Plugin Widgets for SiteOrigin Security Bypass (1.4.2)

Oracle Database Server CVE-2009-1968 Vulnerability (CVE-2009-1968)

WordPress Plugin Be POPIA Compliant Information Disclosure (1.1.5)

Severity

Medium

Classification

CVE-2016-2045 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities