Medium severity6.1NVD Advisory· Published May 12, 2017· Updated May 13, 2026

CVE-2016-4855

Description

Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
adodb/adodb-phpPackagist	< 5.20.6	5.20.6

Affected products

Adodb Project/Adodb
cpe:2.3:a:adodb_project:adodb:*:*:*:*:*:*:*:*
Range: <=5.20.5
ADOdb/ADOdbv5
Range: versions prior to 5.20.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN48237713/index.htmlnvdThird Party AdvisoryVDB EntryWEB
www.securityfocus.com/bid/92753nvdThird Party AdvisoryVDB EntryWEB
github.com/ADOdb/ADOdb/issues/274nvdThird Party AdvisoryWEB
github.com/advisories/GHSA-hhfw-xxhm-pf32ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2016-4855ghsaADVISORY
github.com/ADOdb/ADOdb/commit/ecb93d8c1fd3bbde62aca9c3a13c32f077da2da8ghsaWEB
github.com/FriendsOfPHP/security-advisories/blob/master/adodb/adodb-php/CVE-2016-4855.yamlghsaWEB
security.gentoo.org/glsa/201701-59nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000