Name: CVE-2013-1937
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1937
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: FULLDISC:20130409 [waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0101.html
Reference: MLIST:[oss-security] 20130409 Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8
Reference: URL:http://openwall.com/lists/oss-security/2013/04/09/13
Reference: MISC:http://packetstormsecurity.com/files/121205/phpMyAdmin-3.5.7-Cross-Site-Scripting.html
Reference: MISC:http://www.waraxe.us/advisory-102.html
Reference: CONFIRM:https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter.

Reproducible:
Steps to Reproduce:
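The CVE text above describes the classic reflected-XSS shape: a query parameter that should only ever be a number is echoed into an HTML attribute unchanged. The following Python example is added here for illustration; it is not phpMyAdmin's code and does not reproduce the fix in the referenced commit. It contrasts the unsafe reflection with a hardened form (validate to a bounded integer, then HTML-escape anyway), and runs the same validity check over constructed access-log lines so a defender can spot requests that send non-numeric values in these parameters. The parameter names come from the CVE description; `MAX_DIMENSION`, the default sizes, the `TOKEN_PLACEHOLDER` value and the log lines are assumptions constructed for the example.

```python
import html
import re
from urllib.parse import unquote_plus, urlsplit

# Assumption for this example: the largest canvas the page would draw.
MAX_DIMENSION = 4000
# Parameter names as given in the CVE description.
DIMENSION_PARAMS = ("visualizationSettings[width]", "visualizationSettings[height]")
DIGITS = re.compile(r"[0-9]{1,5}")
REQUEST_LINE = re.compile(r'"GET (\S+) HTTP/')


def parse_query(query):
    """Minimal query-string parser: split on '&' only, keep the first
    value per key, percent-decode both sides. Written out so that a ';'
    inside a value (as in the advisory payload) is never treated as a
    separator, whatever the Python version does with parse_qs."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), unquote_plus(value))
    return params


def parse_dimension(raw, default):
    """Turn one untrusted query value into a bounded positive int.
    Anything that is not a short run of digits (quotes, angle brackets,
    an empty string, None) falls back to the default, so a payload like
    the advisory's never reaches the HTML at all."""
    if raw is None or not DIGITS.fullmatch(raw):
        return default
    value = int(raw)
    if not 1 <= value <= MAX_DIMENSION:
        return default
    return value


def dimension_attrs_unsafe(query):
    """The reflection pattern the CVE describes: the raw query value is
    pasted into an attribute, so a closing quote in the value ends the
    attribute and the remainder of the payload becomes markup."""
    params = parse_query(query)
    width = params.get(DIMENSION_PARAMS[0], "600")
    height = params.get(DIMENSION_PARAMS[1], "450")
    return 'width="%s" height="%s"' % (width, height)


def dimension_attrs_safe(query):
    """Hardened form: validate to an int first, then still HTML-escape the
    string form before placing it in an attribute (defense in depth)."""
    params = parse_query(query)
    width = parse_dimension(params.get(DIMENSION_PARAMS[0]), 600)
    height = parse_dimension(params.get(DIMENSION_PARAMS[1]), 450)
    return 'width="%s" height="%s"' % (
        html.escape(str(width), quote=True),
        html.escape(str(height), quote=True),
    )


def flag_request(url):
    """Names of dimension parameters whose value is not a plain integer."""
    params = parse_query(urlsplit(url).query)
    return [p for p in DIMENSION_PARAMS
            if p in params and not DIGITS.fullmatch(params[p])]


# Constructed access-log lines (not from any real server): the first carries
# the URL-encoded form of the advisory payload, the second is a normal request.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Apr/2013:10:01:02 +0000] "GET /phpmyadmin/tbl_gis_visualization.php'
    '?db=information_schema&token=TOKEN_PLACEHOLDER'
    '&visualizationSettings[width]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Apr/2013:10:02:15 +0000] "GET /phpmyadmin/tbl_gis_visualization.php'
    '?db=information_schema&token=TOKEN_PLACEHOLDER'
    '&visualizationSettings[width]=800&visualizationSettings[height]=600 HTTP/1.1" 200 5120',
]


def scan_access_log(lines):
    """Return (request_target, flagged_params) for each suspicious line."""
    hits = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        flagged = flag_request(m.group(1))
        if flagged:
            hits.append((m.group(1), flagged))
    return hits


if __name__ == "__main__":
    payload_query = 'db=information_schema&visualizationSettings[width]="><script>alert(123);</script>'
    print("unsafe:", dimension_attrs_unsafe(payload_query))
    print("safe:  ", dimension_attrs_safe(payload_query))
    for target, names in scan_access_log(SAMPLE_LOG):
        print("flagged", names, "in", target)
```

The validation step is the real fix: once the value is known to be an integer there is nothing left to escape, and `html.escape` only guards against a future change that reintroduces free-form strings. The log scan applies the same rule from the other side, which is useful when checking whether an unpatched instance was probed before the update landed.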
phpmyadmin-3.5.8-0.1.mga2.src.rpm has been put in mga2 core/updates_testing. The same version would have to be pushed in cauldron. Packages for MBS1 have been tested and pushed: http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:144/
It has not been committed in Cauldron SVN yet, so assigning the maintainer. The Mageia 2 update candidate should use release tag 1 with no subrel.
CC: (none) => luigiwalser
Assignee: bugsquad => lists.jjorge
Thanks, it is in cauldron now.
Thanks José. Now the release tag needs to be fixed for the Mageia 2 update.
Summary: CVE-2013-1937: phpmyadmin - Reflected XSS in phpMyAdmin 3.5.7 => phpmyadmin - Reflected XSS in phpMyAdmin 3.5.7 (CVE-2013-1937)
Updated package uploaded for Mageia 2 by Oden. Thanks Oden.

Advisory:
========================

Updated phpmyadmin package fixes security vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter (CVE-2013-1937).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1937
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:144/
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-3.5.8-1.mga2 from phpmyadmin-3.5.8-1.mga2.src.rpm
CC: (none) => lists.jjorge
Assignee: lists.jjorge => qa-bugs
PoC's: From http://www.waraxe.us/advisory-102.html

Tests (parameters "db" and "token" must be valid):

http://localhost/PMA/tbl_gis_visualization.php?db=information_schema& token=17961b7ab247b6d2b39d730bf336cebb& visualizationSettings[width]="><script>alert(123);</script>

http://localhost/PMA/tbl_gis_visualization.php?db=information_schema& token=17961b7ab247b6d2b39d730bf336cebb &visualizationSettings[height]="><script>alert(123);</script>

Result: javascript alert box pops up, confirming Reflected XSS vulnerability.
Testing complete mga2 64.

Confirmed PoC:
http://localhost/phpmyadmin/tbl_gis_visualization.php?db=information_schema&token=17961b7ab247b6d2b39d730bf336cebb&visualizationSettings[width]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E
changing the token=....& to whatever the token is set to in the URL once logged in to phpMyAdmin.

Confirmed fixed after update.
Whiteboard: (none) => has_procedure mga2-64-ok
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1937 => http://lwn.net/Vulnerabilities/547524/
Testing complete mga2 32. Validating advisory and srpm in comment 5. Could sysadmin please push from core/updates_testing to core/updates. Thanks!
Keywords: (none) => validated_update
Whiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok mga3-32-ok
CC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0122
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED