Phpmyadmin · Phpmyadmin · CVE-2020-26934
Name of the Vulnerable Software and Affected Versions:
phpMyAdmin versions 4.9.6 and earlier, 5.x versions prior to 5.0.3
Description:
The issue is related to the transformation feature in phpMyAdmin, which allows for cross-site scripting (XSS) attacks via a crafted link. This can enable a remote attacker to perform cross-site scripting attacks. The vulnerability is due to the lack of protection of the web page structure.
Recommendations:
For phpMyAdmin versions 4.9.6 and earlier, update to version 4.9.6 or later.
For 5.x versions prior to 5.0.3, update to version 5.0.3 or later.
As a temporary workaround, consider disabling the transformation feature until a patch is available.