Search for vulnerabilities
Vulnerability details: VCID-urdw-rtvr-ubc6
Vulnerability ID VCID-urdw-rtvr-ubc6
Aliases CVE-2016-2559
Summary Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00278 https://api.first.org/data/v1/epss?cve=CVE-2016-2559
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2016-2559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2559
https://www.phpmyadmin.net/security/PMASA-2016-10/
CVE-2016-2559 https://nvd.nist.gov/vuln/detail/CVE-2016-2559
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.50999
EPSS Score 0.00278
Published At Dec. 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-12-19T17:41:30.946988+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 37.0.0