CVE-2016-5704: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 17, 2022 (updated July 31, 2023)

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.

References

github.com/advisories/GHSA-gcvp-cwgw-wx8j
github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b
nvd.nist.gov/vuln/detail/CVE-2016-5704
security.gentoo.org/glsa/201701-32
www.phpmyadmin.net/security/PMASA-2016-20/

Detect and mitigate CVE-2016-5704 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →