phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page

2013-04-18T00:00:00
ID 7280C3F6-A99A-11E2-8CEF-6805CA0B3D42
Type freebsd
Reporter FreeBSD
Modified 2013-04-18T00:00:00

Description

The phpMyAdmin development team reports:

When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used.