What is the severity of CVE-2016-2560?

CVE-2016-2560 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.

How do I fix CVE-2016-2560?

To fix CVE-2016-2560, upgrade phpMyAdmin to version 4.0.10.15 or later, 4.4.15.5 or later, or 4.5.5.1 or later.

What types of attacks are possible using CVE-2016-2560?

CVE-2016-2560 allows remote attackers to inject arbitrary web scripts or HTML through crafted HTTP headers or JSON data.

Which versions of phpMyAdmin are affected by CVE-2016-2560?

CVE-2016-2560 affects phpMyAdmin versions 4.0.x prior to 4.0.10.15, 4.4.x prior to 4.4.15.5, and 4.5.x prior to 4.5.5.1.

How can I determine if my phpMyAdmin installation is vulnerable to CVE-2016-2560?

You can determine if your phpMyAdmin installation is vulnerable by checking the version number and confirming it is one of the affected versions listed in CVE-2016-2560.

Vulnerability/
CVE-2016-2560

medium

6.1

CWE

1/3/2016

5/8/2024

CVE-2016-2560: XSS

First published: Tue Mar 01 2016(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
phpMyAdmin phpMyAdmin	=4.0.0
phpMyAdmin phpMyAdmin	=4.0.1
phpMyAdmin phpMyAdmin	=4.0.2
phpMyAdmin phpMyAdmin	=4.0.3
phpMyAdmin phpMyAdmin	=4.0.4
phpMyAdmin phpMyAdmin	=4.0.4.1
phpMyAdmin phpMyAdmin	=4.0.4.2
phpMyAdmin phpMyAdmin	=4.0.5
phpMyAdmin phpMyAdmin	=4.0.6
phpMyAdmin phpMyAdmin	=4.0.7
phpMyAdmin phpMyAdmin	=4.0.8
phpMyAdmin phpMyAdmin	=4.0.9
phpMyAdmin phpMyAdmin	=4.0.10
phpMyAdmin phpMyAdmin	=4.0.10.1
phpMyAdmin phpMyAdmin	=4.0.10.2
phpMyAdmin phpMyAdmin	=4.0.10.3
phpMyAdmin phpMyAdmin	=4.0.10.4
phpMyAdmin phpMyAdmin	=4.0.10.5
phpMyAdmin phpMyAdmin	=4.0.10.6
phpMyAdmin phpMyAdmin	=4.0.10.7
phpMyAdmin phpMyAdmin	=4.0.10.8
phpMyAdmin phpMyAdmin	=4.0.10.9
phpMyAdmin phpMyAdmin	=4.0.10.10
phpMyAdmin phpMyAdmin	=4.0.10.11
phpMyAdmin phpMyAdmin	=4.0.10.12
phpMyAdmin phpMyAdmin	=4.0.10.13
phpMyAdmin phpMyAdmin	=4.0.10.14
phpMyAdmin phpMyAdmin	=4.4.0
phpMyAdmin phpMyAdmin	=4.4.1
phpMyAdmin phpMyAdmin	=4.4.1.1
phpMyAdmin phpMyAdmin	=4.4.2
phpMyAdmin phpMyAdmin	=4.4.3
phpMyAdmin phpMyAdmin	=4.4.4
phpMyAdmin phpMyAdmin	=4.4.5
phpMyAdmin phpMyAdmin	=4.4.6
phpMyAdmin phpMyAdmin	=4.4.6.1
phpMyAdmin phpMyAdmin	=4.4.7
phpMyAdmin phpMyAdmin	=4.4.8
phpMyAdmin phpMyAdmin	=4.4.9
phpMyAdmin phpMyAdmin	=4.4.10
phpMyAdmin phpMyAdmin	=4.4.11
phpMyAdmin phpMyAdmin	=4.4.12
phpMyAdmin phpMyAdmin	=4.4.13
phpMyAdmin phpMyAdmin	=4.4.13.1
phpMyAdmin phpMyAdmin	=4.4.14
phpMyAdmin phpMyAdmin	=4.4.14.1
phpMyAdmin phpMyAdmin	=4.4.15
phpMyAdmin phpMyAdmin	=4.4.15.1
phpMyAdmin phpMyAdmin	=4.4.15.2
phpMyAdmin phpMyAdmin	=4.4.15.3
phpMyAdmin phpMyAdmin	=4.4.15.4
phpMyAdmin phpMyAdmin	=4.5.0
phpMyAdmin phpMyAdmin	=4.5.0-beta1
phpMyAdmin phpMyAdmin	=4.5.0-beta2
phpMyAdmin phpMyAdmin	=4.5.0-rc1
phpMyAdmin phpMyAdmin	=4.5.0.1
phpMyAdmin phpMyAdmin	=4.5.0.2
phpMyAdmin phpMyAdmin	=4.5.1
phpMyAdmin phpMyAdmin	=4.5.2
phpMyAdmin phpMyAdmin	=4.5.3
phpMyAdmin phpMyAdmin	=4.5.3.1
phpMyAdmin phpMyAdmin	=4.5.4
phpMyAdmin phpMyAdmin	=4.5.4.1
phpMyAdmin phpMyAdmin	=4.5.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-2560?
CVE-2016-2560 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2016-2560?
To fix CVE-2016-2560, upgrade phpMyAdmin to version 4.0.10.15 or later, 4.4.15.5 or later, or 4.5.5.1 or later.
What types of attacks are possible using CVE-2016-2560?
CVE-2016-2560 allows remote attackers to inject arbitrary web scripts or HTML through crafted HTTP headers or JSON data.
Which versions of phpMyAdmin are affected by CVE-2016-2560?
CVE-2016-2560 affects phpMyAdmin versions 4.0.x prior to 4.0.10.15, 4.4.x prior to 4.4.15.5, and 4.5.x prior to 4.5.5.1.
How can I determine if my phpMyAdmin installation is vulnerable to CVE-2016-2560?
You can determine if your phpMyAdmin installation is vulnerable by checking the version number and confirming it is one of the affected versions listed in CVE-2016-2560.

collector/nvd-index
agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/author
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/description
agent/source
vendor/phpmyadmin
canonical/phpmyadmin phpmyadmin
version/phpmyadmin phpmyadmin/4.0.0
version/phpmyadmin phpmyadmin/4.0.1
version/phpmyadmin phpmyadmin/4.0.2
version/phpmyadmin phpmyadmin/4.0.3
version/phpmyadmin phpmyadmin/4.0.4
version/phpmyadmin phpmyadmin/4.0.4.1
version/phpmyadmin phpmyadmin/4.0.4.2
version/phpmyadmin phpmyadmin/4.0.5
version/phpmyadmin phpmyadmin/4.0.6
version/phpmyadmin phpmyadmin/4.0.7
version/phpmyadmin phpmyadmin/4.0.8
version/phpmyadmin phpmyadmin/4.0.9
version/phpmyadmin phpmyadmin/4.0.10
version/phpmyadmin phpmyadmin/4.0.10.1
version/phpmyadmin phpmyadmin/4.0.10.2
version/phpmyadmin phpmyadmin/4.0.10.3
version/phpmyadmin phpmyadmin/4.0.10.4
version/phpmyadmin phpmyadmin/4.0.10.5
version/phpmyadmin phpmyadmin/4.0.10.6
version/phpmyadmin phpmyadmin/4.0.10.7
version/phpmyadmin phpmyadmin/4.0.10.8
version/phpmyadmin phpmyadmin/4.0.10.9
version/phpmyadmin phpmyadmin/4.0.10.10
version/phpmyadmin phpmyadmin/4.0.10.11
version/phpmyadmin phpmyadmin/4.0.10.12
version/phpmyadmin phpmyadmin/4.0.10.13
version/phpmyadmin phpmyadmin/4.0.10.14
version/phpmyadmin phpmyadmin/4.4.0
version/phpmyadmin phpmyadmin/4.4.1
version/phpmyadmin phpmyadmin/4.4.1.1
version/phpmyadmin phpmyadmin/4.4.2
version/phpmyadmin phpmyadmin/4.4.3
version/phpmyadmin phpmyadmin/4.4.4
version/phpmyadmin phpmyadmin/4.4.5
version/phpmyadmin phpmyadmin/4.4.6
version/phpmyadmin phpmyadmin/4.4.6.1
version/phpmyadmin phpmyadmin/4.4.7
version/phpmyadmin phpmyadmin/4.4.8
version/phpmyadmin phpmyadmin/4.4.9
version/phpmyadmin phpmyadmin/4.4.10
version/phpmyadmin phpmyadmin/4.4.11
version/phpmyadmin phpmyadmin/4.4.12
version/phpmyadmin phpmyadmin/4.4.13
version/phpmyadmin phpmyadmin/4.4.13.1
version/phpmyadmin phpmyadmin/4.4.14
version/phpmyadmin phpmyadmin/4.4.14.1
version/phpmyadmin phpmyadmin/4.4.15
version/phpmyadmin phpmyadmin/4.4.15.1
version/phpmyadmin phpmyadmin/4.4.15.2
version/phpmyadmin phpmyadmin/4.4.15.3
version/phpmyadmin phpmyadmin/4.4.15.4
version/phpmyadmin phpmyadmin/4.5.0
version/phpmyadmin phpmyadmin/4.5.0-beta1
version/phpmyadmin phpmyadmin/4.5.0-beta2
version/phpmyadmin phpmyadmin/4.5.0-rc1
version/phpmyadmin phpmyadmin/4.5.0.1
version/phpmyadmin phpmyadmin/4.5.0.2
version/phpmyadmin phpmyadmin/4.5.1
version/phpmyadmin phpmyadmin/4.5.2
version/phpmyadmin phpmyadmin/4.5.3
version/phpmyadmin phpmyadmin/4.5.3.1
version/phpmyadmin phpmyadmin/4.5.4
version/phpmyadmin phpmyadmin/4.5.4.1
version/phpmyadmin phpmyadmin/4.5.5

CVE-2016-2560: XSS

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-2560?

How do I fix CVE-2016-2560?

What types of attacks are possible using CVE-2016-2560?

Which versions of phpMyAdmin are affected by CVE-2016-2560?

How can I determine if my phpMyAdmin installation is vulnerable to CVE-2016-2560?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-2560?

How do I fix CVE-2016-2560?

What types of attacks are possible using CVE-2016-2560?

Which versions of phpMyAdmin are affected by CVE-2016-2560?

How can I determine if my phpMyAdmin installation is vulnerable to CVE-2016-2560?