CVE-2013-1937

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 3.5.x through 3.5.7

Description Multiple cross-site scripting (XSS) vulnerabilities in tbl gis visualization.php might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter.

Recommendations For phpMyAdmin versions 3.5.x through 3.5.7, update to version 3.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the tbl gis visualization.php file until a patch is applied. Avoid using the visualizationSettings[width] and visualizationSettings[height] parameters in the affected API endpoint until the issue is resolved.