Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable.

This update of phpMyAdmin fixes several security issues.

  - update to 3.5.8.1 (2013-04-24)

  - [security] Remote code execution (preg_replace),     reported by Janek Vind (see PMASA-2013-2)

  - [security] Locally Saved SQL Dump File Multiple File     Extension Remote Code Execution, reported by Janek Vind     (see PMASA-2013-3)

  - fix for bnc#824301

  - PMASA-2013-2 (CVE-2013-3238)

  - fix for bnc#824302

  - PMASA-2013-3 (CVE-2013-3239)

  - update to 3.5.8 (2013-04-08)

  - sf#3828 MariaDB reported as MySQL

  - sf#3854 Incorrect header for Safari 6.0

  - sf#3705 Attempt to open trigger for edit gives NULL

  - Use HTML5 DOCTYPE

  - [security] Self-XSS on GIS visualisation page, reported     by Janek Vind see PMASA-2013-1

  - sf#3800 Incorrect keyhandler behaviour #2

  - fix for bnc#814678

  - PMASA-2013-1 (CVE-2013-1937)

The remote host is affected by the vulnerability described in GLSA-201311-02 (phpMyAdmin: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in phpMyAdmin. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote authenticated attacker could exploit these vulnerabilities to       execute arbitrary code with the privileges of the process running       phpMyAdmin, inject SQL code, or to conduct Cross-Site Scripting and       Clickjacking attacks.
  Workaround :

    There is no known workaround at this time.

According to its self-identified version number, the phpMyAdmin 3.5.x install hosted on the remote web server is earlier than 3.5.8 and is, therefore, affected by multiple cross-site scripting vulnerabilities. The flaw exists in the 'visualizationSettings[width]' and 'visualizationSettings[height]' parameters of the 'tls_gis_visualization.php' script.  An unauthenticated, remote attacker, exploiting this flaw, could execute arbitrary script code in a user's browser.

phpMyAdmin 3.5.8.0 (2013-04-08) ===============================

  - [bug] MariaDB reported as MySQL

    - [bug] Incorrect header for Safari 6.0

    - [bug] Attempt to open trigger for edit gives NULL

    - [change] Use HTML5 DOCTYPE

    - [security] Self-XSS on GIS visualisation page,       reported by Janek Vind

    - [bug] Incorrect keyhandler behaviour #2

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The phpMyAdmin development team reports :

When modifying a URL parameter with a crafted value it is possible to trigger an XSS.

These XSS can only be triggered when a valid database is known and when a valid cookie token is used.

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter (CVE-2013-1937).

This upgrade provides the latest phpmyadmin version (3.5.8) to address this vulnerability.

ID	Name	Product	Family	Severity
75055	openSUSE Security Update : phpMyAdmin (openSUSE-SU-2013:1065-1)	Nessus	SuSE Local Security Checks	medium
70753	GLSA-201311-02 : phpMyAdmin: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
66203	phpMyAdmin 3.5.x < 3.5.8 tbl_gis_visualization.php Multiple XSS	Nessus	CGI abuses : XSS	medium
66183	Fedora 17 : phpMyAdmin-3.5.8-1.fc17 (2013-5623)	Nessus	Fedora Local Security Checks	medium
66182	Fedora 18 : phpMyAdmin-3.5.8-1.fc18 (2013-5620)	Nessus	Fedora Local Security Checks	medium
66181	Fedora 19 : phpMyAdmin-3.5.8-1.fc19 (2013-5604)	Nessus	Fedora Local Security Checks	medium
66169	FreeBSD : phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page (7280c3f6-a99a-11e2-8cef-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	medium
66156	Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:144)	Nessus	Mandriva Local Security Checks	medium

Detections

Analytics

CVE-2013-1937

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium