Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

Remediation

References

CVE-2016-5099

Related Vulnerabilities

Internet Information Services Improper Input Validation Vulnerability (CVE-1999-0867)

Internet Information Services Uncontrolled Resource Consumption Vulnerability (CVE-2009-2521)

Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548)

Joomla Other Vulnerability (CVE-2006-1956)

WordPress Plugin Vertical SlideShow 'upload.php' Arbitrary File Upload (2.1)

Severity

Medium

Classification

CVE-2016-5099 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities