{"id":"CVE-2016-2040","details":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.","aliases":["GHSA-pw34-qf6c-84fc"],"modified":"2026-07-08T05:48:37.601626994Z","published":"2016-02-20T01:59:03.297Z","related":["openSUSE-SU-2024:10054-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"fedoraproject:fedora","source":"CPE_STRING","extracted_events":[{"introduced":"22"},{"last_affected":"22"},{"introduced":"23"},{"last_affected":"23"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"]},{"vendor_product":"opensuse:leap","source":"CPE_STRING","extracted_events":[{"introduced":"42.1"},{"last_affected":"42.1"}],"cpes":["cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]},{"vendor_product":"opensuse:opensuse","source":"CPE_STRING","extracted_events":[{"introduced":"13.1"},{"last_affected":"13.1"},{"introduced":"13.2"},{"last_affected":"13.2"}],"cpes":["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3627"},{"type":"FIX","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpmyadmin/phpmyadmin","events":[{"introduced":"6da64cc3b2ba4439574f914f51e161645375be96"},{"last_affected":"a81ac373c82ec81351b3e5a30c5aa0b2b9e444af"},{"fixed":"75a55824012406a08c4debf5ddb7ae41c32a7dbc"},{"fixed":"aca42efa01917cc0fe8cfdb2927a6399ca1742f2"},{"fixed":"edffb52884b09562490081c3b8666ef46c296418"}],"database_specific":{"cpe":["cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:*:*:*:*:*:*:*"],"source":["CPE_STRING","REFERENCES"],"extracted_events":[{"introduced":"4.0.0"},{"last_affected":"4.0.0"},{"introduced":"4.0.0-rc2"},{"last_affected":"4.0.0-rc2"},{"introduced":"4.0.0-rc3"},{"last_affected":"4.0.0-rc3"},{"introduced":"4.0.1"},{"last_affected":"4.0.1"},{"introduced":"4.0.10"},{"last_affected":"4.0.10"},{"introduced":"4.0.10.1"},{"last_affected":"4.0.10.1"},{"introduced":"4.0.10.2"},{"last_affected":"4.0.10.2"},{"introduced":"4.0.10.3"},{"last_affected":"4.0.10.3"},{"introduced":"4.0.10.4"},{"last_affected":"4.0.10.4"},{"introduced":"4.0.10.5"},{"last_affected":"4.0.10.5"},{"introduced":"4.0.10.6"},{"last_affected":"4.0.10.6"},{"introduced":"4.0.10.7"},{"last_affected":"4.0.10.7"},{"introduced":"4.0.10.8"},{"last_affected":"4.0.10.8"},{"introduced":"4.0.10.9"},{"last_affected":"4.0.10.9"},{"introduced":"4.0.10.10"},{"last_affected":"4.0.10.10"},{"introduced":"4.0.10.11"},{"last_affected":"4.0.10.11"},{"introduced":"4.0.10.12"},{"last_affected":"4.0.10.12"},{"introduced":"4.4.0"},{"last_affected":"4.4.0"},{"introduced":"4.4.1"},{"last_affected":"4.4.1"},{"introduced":"4.4.1.1"},{"last_affected":"4.4.1.1"},{"introduced":"4.4.2"},{"last_affected":"4.4.2"},{"introduced":"4.4.3"},{"last_affected":"4.4.3"},{"introduced":"4.4.4"},{"last_affected":"4.4.4"},{"introduced":"4.4.5"},{"last_affected":"4.4.5"},{"introduced":"4.4.6"},{"last_affected":"4.4.6"},{"introduced":"4.4.6.1"},{"last_affected":"4.4.6.1"},{"introduced":"4.4.7"},{"last_affected":"4.4.7"},{"introduced":"4.4.8"},{"last_affected":"4.4.8"},{"introduced":"4.4.9"},{"last_affected":"4.4.9"},{"introduced":"4.4.10"},{"last_affected":"4.4.10"},{"introduced":"4.4.11"},{"last_affected":"4.4.11"},{"introduced":"4.4.12"},{"last_affected":"4.4.12"},{"introduced":"4.4.13"},{"last_affected":"4.4.13"},{"introduced":"4.4.13.1"},{"last_affected":"4.4.13.1"},{"introduced":"4.4.14.1"},{"last_affected":"4.4.14.1"},{"introduced":"4.4.15"},{"last_affected":"4.4.15"},{"introduced":"4.4.15.1"},{"last_affected":"4.4.15.1"},{"introduced":"4.4.15.2"},{"last_affected":"4.4.15.2"},{"introduced":"4.4.15.3"},{"last_affected":"4.4.15.3"},{"introduced":"4.5.0"},{"last_affected":"4.5.0"},{"introduced":"4.5.0.1"},{"last_affected":"4.5.0.1"},{"introduced":"4.5.0.2"},{"last_affected":"4.5.0.2"},{"introduced":"4.5.1"},{"last_affected":"4.5.1"},{"introduced":"4.5.2"},{"last_affected":"4.5.2"},{"introduced":"4.5.3"},{"last_affected":"4.5.3"}]}}],"versions":["4.0.0","4.0.0-rc2","4.0.0-rc3","4.0.1","4.0.10","4.0.10.1","4.0.10.10","4.0.10.11","4.0.10.12","4.0.10.2","4.0.10.3","4.0.10.4","4.0.10.5","4.0.10.6","4.0.10.7","4.0.10.8","4.0.10.9","4.4.0","4.4.1","4.4.1.1","4.4.10","4.4.11","4.4.12","4.4.13","4.4.13.1","4.4.14.1","4.4.15","4.4.15.1","4.4.15.2","4.4.15.3","4.4.2","4.4.3","4.4.4","4.4.5","4.4.6","4.4.6.1","4.4.7","4.4.8","4.4.9","4.5.0","4.5.0.1","4.5.0.2","4.5.1","4.5.2","4.5.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2040.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}