Vulnerability details: VCID-1kme-6s76-k3es
Vulnerability ID VCID-1kme-6s76-k3es
Aliases CVE-2016-5705
GHSA-6q2j-8h8q-46mr
Summary phpMyAdmin vulnerable to Cross-site Scripting. Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3.1 6.1 http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
cvssv3.1 6.1 http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2016-5705
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6q2j-8h8q-46mr
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-5705
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2016-5705
cvssv3.1 6.1 https://security.gentoo.org/glsa/201701-32
generic_textual MODERATE https://security.gentoo.org/glsa/201701-32
cvssv3.1 6.1 https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378
generic_textual MODERATE https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378
cvssv3.1 6.1 https://www.phpmyadmin.net/security/PMASA-2016-21
generic_textual MODERATE https://www.phpmyadmin.net/security/PMASA-2016-21
cvssv3.1 6.1 http://www.debian.org/security/2016/dsa-3627
generic_textual MODERATE http://www.debian.org/security/2016/dsa-3627
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
https://api.first.org/data/v1/epss?cve=CVE-2016-5705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739
https://github.com/phpmyadmin/phpmyadmin
https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8
https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc
https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98
https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f
https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a
https://nvd.nist.gov/vuln/detail/CVE-2016-5705
https://security.gentoo.org/glsa/201701-32
https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378
https://www.phpmyadmin.net/security/PMASA-2016-21
http://www.debian.org/security/2016/dsa-3627
GHSA-6q2j-8h8q-46mr https://github.com/advisories/GHSA-6q2j-8h8q-46mr
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): required
Scope (S): changed
Confidentiality Impact (C): low
Integrity Impact (I): low
Availability Impact (A): none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-5705
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://security.gentoo.org/glsa/201701-32
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.phpmyadmin.net/security/PMASA-2016-21
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.debian.org/security/2016/dsa-3627
Exploit Prediction Scoring System (EPSS)
Percentile 0.67979
EPSS Score 0.00583
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:09:22.542732+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6q2j-8h8q-46mr/GHSA-6q2j-8h8q-46mr.json 37.0.0