We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to create a malicious database name that contains XSS code.
Our team fixed another XSS vulnerability regarding database names.
We consider these vulnerabilities to be serious.
Probably all versions before 18.104.22.168.
Upgrade to phpMyAdmin 22.214.171.124 or newer.
For the first issue: http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html
Assigned CVE ids: CVE-2007-5977
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.