phpMyAdmin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2013-1937
Reference:
CVE-2013-1937
Title:
phpMyAdmin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettingswidth or (2) visualizationSettingsheight parameter. NOTE: a third party reports that this is quotnot exploitable.