Search for vulnerabilities
Vulnerability details: VCID-9cg5-td6p-j7ak
Vulnerability ID VCID-9cg5-td6p-j7ak
Aliases CVE-2016-2040
Summary Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2016-2040
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2016-2040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739
http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php
CVE-2016-2040 https://nvd.nist.gov/vuln/detail/CVE-2016-2040
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.64975
EPSS Score 0.00493
Published At Dec. 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-12-19T17:41:30.787430+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 37.0.0