Summary: | <dev-db/phpmyadmin-3.5.8: XSS flaw when displaying GIS Visualization(s) (CVE-2013-1937) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | a3li, web-apps |
Priority: | Low | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=950102 | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-04-10 18:10:27 UTC
Arches, please test and mark stable: =dev-db/phpmyadmin-3.5.8 Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86" Stable for HPPA. CVE-2013-1937 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1937): Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. amd64 stable x86 stable ppc stable ppc64 stable alpha stable sparc stable glsa with 467080, 478696, 479870 This issue was resolved and addressed in GLSA 201311-02 at http://security.gentoo.org/glsa/glsa-201311-02.xml by GLSA coordinator Sergey Popov (pinkbyte). |