CVE

CVE-2013-1937
Date: (C)2013-06-26   (M)2024-04-19


Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable."

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 6.1
Exploit Score: 2.8
Impact Score: 2.7

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0101.html
FEDORA-2013-5604
FEDORA-2013-5620
FEDORA-2013-5623
MDVSA-2013:144
http://openwall.com/lists/oss-security/2013/04/09/13
http://immunityservices.blogspot.com/2019/02/cvss.html
http://packetstormsecurity.com/files/121205/phpMyAdmin-3.5.7-Cross-Site-Scripting.html
http://www.phpmyadmin.net/home_page/security/PMASA-2013-1.php
http://www.waraxe.us/advisory-102.html
https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
openSUSE-SU-2013:1065

CWE    1
CWE-79
OVAL    2
oval:org.secpod.oval:def:104854
oval:org.secpod.oval:def:104853

© SecPod Technologies