CVE-2013-1937

Upstream information

CVE-2013-1937 at MITRE

Description

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.30
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	None

SUSE Bugzilla entry: 814678 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2013:1065-1, published Fri, 21 Jun 2013 13:04:41 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 12.3	`phpMyAdmin >= 3.5.8.1-1.4.1`	Patchnames: openSUSE-2013-524

CVE-2013-1937

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Services