From Mageia wiki
MGASA-2013-0122
| Date: | April 18th, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated phpmyadmin package fixes security vulnerability:
Multiple cross-site scripting (XSS) vulnerabilities in
tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow
remote attackers to inject arbitrary web script or HTML via the (1)
visualizationSettings[width] or (2) visualizationSettings[height]
parameter (CVE-2013-1937).
Updated Packages:
i586:
phpmyadmin-3.5.8-1.mga2.noarch.rpm
x86_64:
phpmyadmin-3.5.8-1.mga2.noarch.rpm
SRPMS:
phpmyadmin-3.5.8-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1937
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:144/
https://bugs.mageia.org/show_bug.cgi?id=9755
