The version of phpMyAdmin fails to validate BBcode tags in user input to the 'error' parameter of the 'error.php' script before using it to generate dynamic HTML. An attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site. For example, this could be used to cause a page with arbitrary text and a link to an external site to be displayed.
Unvalidated input on error page.
[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities
phpmyadmin - several
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)