Published: 10 October 2020
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
From the Ubuntu security team
CVSS 3 base score: 6.1
Launchpad, Ubuntu, Debian
|Ubuntu 21.04 (Hirsute Hippo)||
|Ubuntu 20.10 (Groovy Gorilla)||
|Ubuntu 20.04 LTS (Focal Fossa)||
|Ubuntu 18.04 LTS (Bionic Beaver)||
|Ubuntu 16.04 LTS (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
vulerability was introduced in 2.5.0. File where issue is is different in bionic and earlier.