https://www.phpmyadmin.net/security/PMASA-2016-38/

PMASA-2016-38

Announcement-ID: PMASA-2016-38
Date: 2016-07-13

Summary

Multiple XSS vulnerabilities

Description

Multiple XSS vulnerabilities were found in the following areas:

- Navigation pane and database/table hiding feature. A specially-crafted database name can be used to trigger an XSS attack.
- The "Tracking" feature. A specially-crafted query can be used to trigger an XSS attack.
- GIS visualization feature.

Severity

We consider this vulnerability to be non-critical.

Affected Versions

All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

Solution

Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer, or apply the patches listed below.

References

Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability.

Assigned CVE ids: CVE-2016-6615
CWE ids: CWE-661

Patches

The following commits have been made on the 4.4 branch to fix this issue:

- 20db714
- 6e8a1c0
- d0b6abf

The following commits have been made on the 4.6 branch to fix this issue:

- 306c148
- 78bed3c
- cc7d01d
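
To check an inventory of installed phpMyAdmin versions against the affected ranges stated in this advisory, the following added example (not part of the advisory and not phpMyAdmin code) compares versions numerically per branch. The function names and the handling of suffixed builds such as `-rc1` are assumptions of this example.

```python
import re
import sys

# First fixed release per branch, from the advisory's "Affected Versions" text.
FIXED = {(4, 6): (4, 6, 4), (4, 4): (4, 4, 15, 8)}

def parse_version(text):
    """Split '4.4.15.7' or '4.6.4-rc1' into (numeric tuple, has_suffix)."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+){1,3})([-+~]?[A-Za-z][\w.+~-]*)?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) is not None

def pad(nums, width=4):
    """Right-pad with zeros so 4.6.4 and 4.4.15.8 compare component by component."""
    return nums + (0,) * (width - len(nums))

def classify(text):
    """Return 'affected', 'fixed', 'unverified' or 'not-listed' for PMASA-2016-38."""
    nums, has_suffix = parse_version(text)
    fixed = FIXED.get(nums[:2])
    if fixed is None:
        return "not-listed"      # the advisory names only the 4.6.x and 4.4.x branches
    if pad(nums) < pad(fixed):
        return "affected"
    # Assumption: a suffixed build (-rc1, -dev, distro tag) at or above the fixed
    # number cannot be judged from the number alone, so it is flagged for review.
    return "unverified" if has_suffix else "fixed"

if __name__ == "__main__":
    # Constructed sample inventory; pass real version strings as arguments instead.
    for v in sys.argv[1:] or ["4.6.3", "4.6.10", "4.4.15.7", "4.4.15.8", "4.6.4-rc1", "4.5.1"]:
        print(f"{v:12} {classify(v)}")
```

A result of `not-listed` means only that the advisory does not mention that branch; it says nothing about whether the branch is vulnerable.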