CVE-2016-5099

6.1 MEDIUM

Published: July 05, 2016 Modified: May 06, 2026

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3627

Source: cve@mitre.org

http://www.securityfocus.com/bid/90877

Source: cve@mitre.org

http://www.securitytracker.com/id/1035979

Source: cve@mitre.org

https://github.com/phpmyadmin/phpmyadmin/commit/b061096abd992801fbbd805ef6ff74e627528780

Source: cve@mitre.org

Patch

https://security.gentoo.org/glsa/201701-32

Source: cve@mitre.org

https://www.phpmyadmin.net/security/PMASA-2016-16

Source: cve@mitre.org

Patch Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html