{"id":"CVE-2016-5705","details":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an \"invalid JSON\" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.","aliases":["GHSA-6q2j-8h8q-46mr"],"modified":"2026-07-08T05:48:20.887912860Z","published":"2016-07-03T01:59:17.393Z","related":["openSUSE-SU-2024:10054-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"],"source":"CPE_STRING","vendor_product":"opensuse:leap","extracted_events":[{"introduced":"42.1"},{"last_affected":"42.1"}]},{"source":"CPE_STRING","cpes":["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"],"vendor_product":"opensuse:opensuse","extracted_events":[{"introduced":"13.1"},{"last_affected":"13.1"},{"introduced":"13.2"},{"last_affected":"13.2"}]}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/91378"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3627"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-32"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a"},{"type":"FIX","url":"https://www.phpmyadmin.net/security/PMASA-2016-21/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpmyadmin/phpmyadmin","events":[{"introduced":"37b38431d167915675fc8ab512470528147e72de"},{"last_affected":"1f1e63cd5956eca847891b28b24e90ceaeaeb009"},{"fixed":"03f73d48369703e0d3584699b08e24891c3295b8"},{"fixed":"0b7416c5f4439ed3f11c023785f2d4c49a1b09fc"},{"fixed":"364732e309cccb3fb56c938ed8d8bc0e04a3ca98"},{"fixed":"36df83a97a7f140fdb008b727a94f882847c6a6f"},{"fixed":"57ae483bad33059a885366d5445b7e1f6f29860a"}],"database_specific":{"source":["CPE_STRING","REFERENCES"],"cpe":["cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"4.6.0"},{"last_affected":"4.6.0"},{"introduced":"4.6.0-alpha1"},{"last_affected":"4.6.0-alpha1"},{"introduced":"4.6.0-rc1"},{"last_affected":"4.6.0-rc1"},{"introduced":"4.6.0-rc2"},{"last_affected":"4.6.0-rc2"},{"introduced":"4.6.1"},{"last_affected":"4.6.1"},{"introduced":"4.6.2"},{"last_affected":"4.6.2"},{"introduced":"4.4.0"},{"last_affected":"4.4.0"},{"introduced":"4.4.1"},{"last_affected":"4.4.1"},{"introduced":"4.4.1.1"},{"last_affected":"4.4.1.1"},{"introduced":"4.4.2"},{"last_affected":"4.4.2"},{"introduced":"4.4.3"},{"last_affected":"4.4.3"},{"introduced":"4.4.4"},{"last_affected":"4.4.4"},{"introduced":"4.4.5"},{"last_affected":"4.4.5"},{"introduced":"4.4.6"},{"last_affected":"4.4.6"},{"introduced":"4.4.6.1"},{"last_affected":"4.4.6.1"},{"introduced":"4.4.7"},{"last_affected":"4.4.7"},{"introduced":"4.4.8"},{"last_affected":"4.4.8"},{"introduced":"4.4.9"},{"last_affected":"4.4.9"},{"introduced":"4.4.10"},{"last_affected":"4.4.10"},{"introduced":"4.4.11"},{"last_affected":"4.4.11"},{"introduced":"4.4.12"},{"last_affected":"4.4.12"},{"introduced":"4.4.13"},{"last_affected":"4.4.13"},{"introduced":"4.4.13.1"},{"last_affected":"4.4.13.1"},{"introduced":"4.4.14.1"},{"last_affected":"4.4.14.1"},{"introduced":"4.4.15"},{"last_affected":"4.4.15"},{"introduced":"4.4.15.1"},{"last_affected":"4.4.15.1"},{"introduced":"4.4.15.2"},{"last_affected":"4.4.15.2"},{"introduced":"4.4.15.3"},{"last_affected":"4.4.15.3"},{"introduced":"4.4.15.4"},{"last_affected":"4.4.15.4"},{"introduced":"4.4.15.5"},{"last_affected":"4.4.15.5"},{"introduced":"4.4.15.6"},{"last_affected":"4.4.15.6"}]}}],"versions":["4.4.0","4.4.1","4.4.1.1","4.4.10","4.4.11","4.4.12","4.4.13","4.4.13.1","4.4.14.1","4.4.15","4.4.15.1","4.4.15.2","4.4.15.3","4.4.15.4","4.4.15.5","4.4.15.6","4.4.2","4.4.3","4.4.4","4.4.5","4.4.6","4.4.6.1","4.4.7","4.4.8","4.4.9","4.6.0","4.6.0-alpha1","4.6.0-rc1","4.6.0-rc2","4.6.1","4.6.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5705.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}