{"url":"http://public2.vulnerablecode.io/api/packages/52533?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.1","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.0.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.0.2","latest_non_vulnerable_version":"5.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38033?format=json","vulnerability_id":"VCID-1hvw-4h4d-zkhv","summary":"Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.","references":[{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2040","reference_id":"CVE-2016-2040","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2040"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52548?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-2040"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hvw-4h4d-zkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38034?format=json","vulnerability_id":"VCID-4kax-4bpz-g7c5","summary":"Covert Timing Channel\n`libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.","references":[{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2041","reference_id":"CVE-2016-2041","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2041"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52548?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-2041"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kax-4bpz-g7c5"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.1"}