Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

Remediation

References

CVE-2016-5099

Related Vulnerabilities

MySQL CVE-2015-4771 Vulnerability (CVE-2015-4771)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.24)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5320)

WordPress Plugin Seatgeek Affiliate Tickets Cross-Site Scripting (1.0.2)

WordPress Plugin mTouch Quiz Multiple Vulnerabilities (3.1.2)

Severity

Medium

Classification

CVE-2016-5099 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities