Phpmyadmin Cross Site Scripting Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Network Enabled

Discount: SecuriTeam5_SANS

Promo With Us

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner
Scanner Review
Fuzzer Review
Web Scanner Review

With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script.

Credit:
The original article can be found at: https://www.phpmyadmin.net/security/PMASA-2016-24/

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Phpmyadmin 4.0.0
* Phpmyadmin 4.0.1
* Phpmyadmin 4.0.2
* Phpmyadmin 4.0.3
* Phpmyadmin 4.0.4
* Phpmyadmin 4.0.4.1
* Phpmyadmin 4.0.4.2
* Phpmyadmin 4.0.5
* Phpmyadmin 4.0.6
* Phpmyadmin 4.0.7
* Phpmyadmin 4.0.8
* Phpmyadmin 4.0.9
* Phpmyadmin 4.0.10
* Phpmyadmin 4.0.10.1
* Phpmyadmin 4.0.10.2
* Phpmyadmin 4.0.10.3
* Phpmyadmin 4.0.10.4
* Phpmyadmin 4.0.10.5
* Phpmyadmin 4.0.10.6
* Phpmyadmin 4.0.10.7
* Phpmyadmin 4.0.10.8
* Phpmyadmin 4.0.10.9
* Phpmyadmin 4.0.10.10
* Phpmyadmin 4.0.10.11
* Phpmyadmin 4.0.10.12
* Phpmyadmin 4.0.10.13
* Phpmyadmin 4.0.10.14
* Phpmyadmin 4.0.10.15
* Phpmyadmin 4.4.0
* Phpmyadmin 4.4.1
* Phpmyadmin 4.4.1.1
* Phpmyadmin 4.4.2
* Phpmyadmin 4.4.3
* Phpmyadmin 4.4.4
* Phpmyadmin 4.4.5
* Phpmyadmin 4.4.6
* Phpmyadmin 4.4.6.1
* Phpmyadmin 4.4.7
* Phpmyadmin 4.4.8
* Phpmyadmin 4.4.9
* Phpmyadmin 4.4.10
* Phpmyadmin 4.4.11
* Phpmyadmin 4.4.12
* Phpmyadmin 4.4.13
* Phpmyadmin 4.4.13.1
* Phpmyadmin 4.4.14.1
* Phpmyadmin 4.4.15
* Phpmyadmin 4.4.15.1
* Phpmyadmin 4.4.15.2
* Phpmyadmin 4.4.15.3
* Phpmyadmin 4.4.15.4
* Phpmyadmin 4.4.15.5
* Phpmyadmin 4.4.15.6
* Phpmyadmin 4.6.0
* Phpmyadmin 4.6.0
* Phpmyadmin 4.6.0
* Phpmyadmin 4.6.0
* Phpmyadmin 4.6.1
* Phpmyadmin 4.6.2

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

CVE Information:
CVE-2016-5731

Disclosure Timeline:
Publish Date : 2016-07-02
Last Update Date : 2016-07-05

blog comments powered by Disqus

	Wepresent Wipg-1500 Firmware 1.0.3.7 Remote Code Execution Vulnerability
	Tcpdump Overflow Vulnerability
	Tcpdump 4.8.1 parsers Overflow Vulnerability
	Tcpdump 4.8.1 ISO CLNS Overflow Vulnerability
	Puppetlabs Mcollective-puppet-agent 1.11.0 option Execute Code Vulnerability
	Phpipam 1.2 Execute Code Cross Site Scripting Vulnerability
	Oracle Weblogic Server 10.3.6.0 takeover Remote Code Execution Vulnerability
	Oracle Universal Work Queue 12.1.1 accessible Remote Code Execution Vulnerability
	Oracle Siebel Ui Framework 16.1 update delete insert Remote Code Execution Vulnerability
	Oracle Partner Management 12.1.1 HTTP Remote Code Execution Vulnerability
	Oracle One-to-one Fulfillment 12.1.2 HTTP Remote Code Execution Vulnerability
	Oracle Mysql 5.7.16 unauthorized Remote Code Execution Vulnerability
	Oracle Marketing 12.1.1 Base Remote Code Execution Vulnerability
	Oracle JRE 1.6 web service Remote Code Execution Vulnerability
	Oracle Flexcube Universal Banking 12.2.0 Denial Of Service Vulnerability
	Oracle Flexcube Private Banking 12.0.1 CVSS Remote Code Execution Vulnerability
	Oracle Advanced Outbound Telephony 12.1.3 unauthorized Remote Code Execution Vulnerability
	Mybb Merge System 1.8.6 MyBulletinBoard Cross Site Scripting Vulnerability
	Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability
	Wireshark Overflow Vulnerability

Featured Articles

	Oracle Partner Management 12.1.1 HTTP Remote Code Execution Vulnerability
	Mp3splt 2.6.2 crafted Denial Of Service Vulnerability
	Trend Micro Smart Protection Server 3 webapps Execute Code Vulnerability
	Wordpress 4.7.1 commands Execute Code Sql Injection Vulnerability
	Oracle Istore 12.1.1 Successful Remote Code Execution Vulnerability
	Samsung Knox 1.0 Remote Code Execution Vulnerability
	Rapid7 Metasploit 4.13.0-2017012501 application Remote Code Execution Vulnerability
	Cisco IOS 15.2(2)e3 Denial Of Service Obtain Information Vulnerability
	Oracle Knowledge Management 12.1.1 critical data Remote Code Execution Vulnerability
	Siemens Sinumerik Integrate Operate Client modify Obtain Information Vulnerability
	Trend Micro Smart Protection Server 2.6 commands Execute Code Vulnerability
	Google Android 7.1.0 Mediaserver Execute Code Overflow Memory corruption Vulnerability
	Cisco Netflow Generation Appliance 1.0(2) Cross Site Scripting Vulnerability
	Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Vulnerability
	Google Android 6.0.1 context Execute Code Overflow Memory corruption Vulnerability
	Cisco Unified Communications Manager 11.5(1.12000.1) Cross Site Scripting Bypass a restriction or similar Vulnerability
	Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Memory corruption Vulnerability
	Oracle Marketing 12.2.6 Base Score Remote Code Execution Vulnerability
	Google Android 7 context Execute Code Overflow Memory corruption Vulnerability
	Cisco Webex Meeting Center Wbs28 Base Remote Code Execution Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs