VID |
22599 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The version of phpMyAdmin on the remote host is 3.5.x prior to 3.5.8. This version is affected by multiple cross-site scripting vulnerabilities:
The flaws exist in the 'visualizationSettings[width]' and 'visualizationSettings[height]' parameters of the 'tbl_gis_visualization.php' script. An unauthenticated, remote attacker exploiting these flaws could execute arbitrary script code in a user's browser.
* Note: This check relies solely on the version number of the remote phpMyAdmin software to assess this vulnerability, so the finding might be a false positive.
* References: http://www.waraxe.us/advisory-102.html
* Platforms Affected: phpMyAdmin 3.5.x prior to 3.5.8; any operating system, any version |
Recommendation |
Upgrade to the latest version of phpMyAdmin (3.5.8 or later), available from the phpMyAdmin Download Web page at http://www.phpmyadmin.net/home_page/downloads.php |
Related URL |
CVE-2013-1937 (CVE) |
Related URL |
58962 (SecurityFocus) |
Related URL |
(ISS) |