Medium severity6.1NVD Advisory· Published Apr 16, 2013· Updated Jun 16, 2026
CVE-2013-1937
CVE-2013-1937
Description
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:*:rc1:*:*:*:*:*:*range: <=3.5.8
- (no CPE)range: >=3.5.0, <3.5.8
Patches
Vulnerability mechanics
References
12- packetstormsecurity.com/files/121205/phpMyAdmin-3.5.7-Cross-Site-Scripting.htmlnvdExploit
- www.waraxe.us/advisory-102.htmlnvdExploit
- archives.neohapsis.com/archives/fulldisclosure/2013-04/0101.htmlnvd
- immunityservices.blogspot.com/2019/02/cvss.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-April/103184.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-April/103188.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-April/103195.htmlnvd
- lists.opensuse.org/opensuse-updates/2013-06/msg00181.htmlnvd
- openwall.com/lists/oss-security/2013/04/09/13nvd
- www.mandriva.com/security/advisoriesnvd
- www.phpmyadmin.net/home_page/security/PMASA-2013-1.phpnvd
- github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5anvd
News mentions
0No linked articles in our index yet.