[waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7

waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7 =============================================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...

phpMyAdmin 3.5.x < 3.5.8 tbl_gis_visualization.php Multiple XSS

According to its self-identified version number, the phpMyAdmin 3.5.x install hosted on the remote web server is earlier than 3.5.8 and is, therefore, affected by multiple cross-site scripting vulnerabilities. The flaw exists in the 'visualizationSettingswidth' and 'visualizationSettingsheight'...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in tblgisvisualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the 1 visualizationSettingswidth or 2 visualizationSettingsheight parameter. NOTE: a third party reports that this ...

CVE-2013-1937

Multiple cross-site scripting XSS vulnerabilities in tblgisvisualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the 1 visualizationSettingswidth or 2 visualizationSettingsheight parameter. NOTE: a third party reports that this ...