Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.
lists.opensuse.org/opensuse-updates/2016-06/msg00043.html
www.debian.org/security/2016/dsa-3627
www.securityfocus.com/bid/90877
www.securitytracker.com/id/1035979
github.com/phpmyadmin/phpmyadmin/commit/b061096abd992801fbbd805ef6ff74e627528780
security.gentoo.org/glsa/201701-32
www.phpmyadmin.net/security/PMASA-2016-16