Nom du paquet
phpmyadmin
Date
2013-04-16
Advisory ID
MDVSA-2013:144
Affected versions
MBS1 x86_64

Problem description

Multiple cross-site scripting (XSS) vulnerabilities in
tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow
remote attackers to inject arbitrary web script or HTML via the (1)
visualizationSettings[width] or (2) visualizationSettings[height]
parameter (CVE-2013-1937).

This upgrade provides the latest phpmyadmin version (3.5.8) to address
this vulnerability.

Updated packages

MBS1 x86_64

 929b248f9b33fbf73022a491e48b88f4  mbs1/x86_64/phpmyadmin-3.5.8-0.1.mbs1.noarch.rpm 
 9cc9136cc4280dd3d3904708be166076  mbs1/SRPMS/phpmyadmin-3.5.8-0.1.mbs1.src.rpm

References