Andreas Kerber

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 2.6.4 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the `username` variable to libraries/auth/cookie.auth.lib.php or the `error` parameter to error.php. **Recommendations** For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the libraries/auth/cookie.auth.lib.php and error.php files to minimize the risk of exploitation. Avoid using the `username` variable in the affected libraries/auth/cookie.auth.lib.php file and the `error` parameter in the error.php file until the issue is resolved.