vulnerability
FreeBSD: VID-6cc06eec-c60b-11e5-bf36-6805ca0b3d42 (CVE-2016-2040): phpmyadmin -- Multiple XSS vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Jan 28, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Jan 28, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attacks in the zoom search page. With a crafted hostname header, it is possible to trigger an XSS attacks in the home page. We consider these vulnerabilities to be non-critical. These vulnerabilities can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.
Solution
freebsd-upgrade-package-phpmyadmin
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.