Security update for phpMyAdmin SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1434-1 Final 1 1 2016-05-29T07:32:08Z current 2016-05-29T07:32:08Z 2016-05-29T07:32:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for phpMyAdmin phpMyAdmin was updated to fix one security issue. The following vulnerability was fixed: - CVE-2016-5099: Self XSS vulneratbility - A specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page (boo#982128, PMASA-2016-16) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-05/msg00119.html E-Mail link for openSUSE-SU-2016:1434-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 phpMyAdmin-4.4.15.6-19.1 phpMyAdmin-4.4.15.6-19.1 as a component of openSUSE Leap 42.1 Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. CVE-2016-5099 openSUSE Leap 42.1:phpMyAdmin-4.4.15.6-19.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-05/msg00119.html https://www.suse.com/security/cve/CVE-2016-5099.html CVE-2016-5099 https://bugzilla.suse.com/982126 SUSE Bug 982126 https://bugzilla.suse.com/982128 SUSE Bug 982128