https://www.phpmyadmin.net/security/PMASA-2016-31/

PMASA-2016-31

Announcement-ID: PMASA-2016-31

Date: 2016-07-11

Summary

Multiple XSS vulnerabilities

Description

XSS vulnerabilities were discovered in:

- The database privilege check
- The "Remove partitioning" functionality

Specially crafted database names can trigger the XSS attack.

Severity

We consider these vulnerabilities to be of moderate severity.

Affected Versions

All 4.6.x versions (prior to 4.6.4) are affected.

Solution

Upgrade to phpMyAdmin 4.6.4 or newer or apply patch listed below.

References

Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability.

Assigned CVE ids: CVE-2016-6608

CWE ids: CWE-661

Patches

The following commits have been made on the 4.6 branch to fix this issue:

- f0f8f2b
- 0fad729
- a32b3ce
- 7e510e8