Cross-Site Scripting Flaw in ADOdb by ADOdb Team
CVE-2016-4855

6.1MEDIUM

Key Information:

Vendor: Adodb
Status: Adodb
Vendor: CVE Published:; 12 May 2017

What is CVE-2016-4855?

The vulnerability in ADOdb affects versions prior to 5.20.6, allowing remote attackers to perform cross-site scripting (XSS) attacks. This can lead to the injection of arbitrary web scripts or HTML, compromising the security of applications that utilize this database abstraction library. Attackers could exploit this flaw through unspecified vectors, potentially exposing users to malicious content and actions. Organizations using vulnerable versions should prioritize updating to mitigate this security risk.

Affected Version(s)

ADOdb versions prior to 5.20.6

References

https://github.com/ADOdb/ADOdb/issues/274

x_refsource_CONFIRM

http://www.securityfocus.com/bid/92753

vdb-entryx_refsource_BID

https://security.gentoo.org/glsa/201701-59

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2017
Vulnerability Reserved
May 17, 2016

Adodb

What is CVE-2016-4855?

Affected Version(s)

References

CVSS V3.1

Timeline