CVE-2013-1937

MEDIUM

Phpmyadmin < 3.5.8 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable.

Exploits (1)

exploitdb WORKING POC VERIFIED
by waraxe · textwebappsphp
https://www.exploit-db.com/exploits/38440

References (12)

Scores

CVSS v3 6.1
EPSS 0.0811
EPSS Percentile 92.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (13)
phpmyadmin/phpmyadmin < 3.5.8
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
... and 3 more
Published Apr 16, 2013
Tracked Since Feb 18, 2026