We received an advisory from Tim Brown, Nth Dimension, and we wish to thank him for his work. The login page (auth_type cookie) was vulnerable to XSS via the convcharset parameter.
We consider this vulnerability to be serious.
Probably all versions before 220.127.116.11.
Upgrade to phpMyAdmin 18.104.22.168 or newer.
Assigned CVE ids: CVE-2007-6100
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.