CVE-2016-2561
Detail
Modified After Enrichment This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
URL
Source(s)
Tag(s)
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html
CVE, MITRE
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html
CVE, MITRE
http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html
CVE, MITRE
http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html
CVE, MITRE
http://www.debian.org/security/2016/dsa-3627
CVE, MITRE
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
CVE, MITRE
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
CVE, MITRE
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
CVE, MITRE
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
CVE, MITRE
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
CVE, MITRE
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
CVE, MITRE
Patch
https://www.phpmyadmin.net/security/PMASA-2016-12/
CVE, MITRE
Patch
Vendor Advisory
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
NIST
Change History
8 change records found show changes
CVE Modified by MITRE
6/16/2026 8:44:17 PM
Action
Type
Old Value
New Value
Added
Affected
[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]
CVE Status Change
5/06/2026 6:30:45 PM
Action
Type
Old Value
New Value
CVE Modified by CVE
11/20/2024 9:48:42 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html
Added
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html
Added
Reference
http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html
Added
Reference
http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html
Added
Reference
http://www.debian.org/security/2016/dsa-3627
Added
Reference
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
Added
Reference
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
Added
Reference
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
Added
Reference
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
Added
Reference
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
Added
Reference
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
Added
Reference
https://www.phpmyadmin.net/security/PMASA-2016-12/
CVE Modified by MITRE
5/13/2024 11:55:19 PM
Action
Type
Old Value
New Value
CVE Modified by MITRE
12/02/2016 10:25:38 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html [No Types Assigned]
Added
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html [No Types Assigned]
Added
Reference
http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html [No Types Assigned]
Added
Reference
http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html [No Types Assigned]
CVE Modified by MITRE
11/28/2016 3:04:25 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.debian.org/security/2016/dsa-3627 [No Types Assigned]
Modified Analysis by NIST
3/03/2016 12:09:49 PM
Action
Type
Old Value
New Value
Added
CVSS V3
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Added
CVSS V2
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Added
CWE
CWE-79
Added
CPE Configuration
Record truncated, showing 2048 of 2400 characters.
View Entire Change Record Configuration 1
OR
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.1:*:*:*:*:*:*:*
*cpe:2.3:a:phpmyadmin:phpmyad
Changed
Reference Type
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372 No Types Assigned
https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372 Patch
Changed
Reference Type
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775 No Types Assigned
https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775 Patch
Changed
Reference Type
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f No Types Assigned
https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f Patch
Changed
Reference Type
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef No Types Assigned
https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef Patch
Changed
Reference Type
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b No Types Assigned
https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b Patch
Changed
Reference Type
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e No Types Assigned
https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e Patch
Changed
Reference Type
https://www.phpmyadmin.net/security/PMASA-2016-12/ No Types Assigned
https://www.phpmyadmin.net/security/PMASA-2016-12/ Advisory, Patch
Initial CVE Analysis
3/03/2016 10:46:49 AM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2016-2561 NVD
Published Date: 03/01/2016 NVD
Last Modified: 06/16/2026
Source: MITRE
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
