Multiple XSS vulnerabilities were found in phpMyAdmin that may allow an attacker to conduct cross-site scripting (XSS) attacks.
We received a security advisory from Cedric Cochin (netvigilance.com) about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points:
As any of those vulnerabilities can be used for an XSS attack, we consider them to be serious.
Not all previous versions are affected by all vulnerabilities, but it's safe to say that releases up to and including 2.6.0-pl2 are at risk.
CVS HEAD has been fixed, and the fix is in the upcoming 2.6.0-pl3 release.
We strongly advise everyone to upgrade to the next version of phpMyAdmin, which is to be released soon.
Assigned CVE IDs: CVE-2004-1055
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.