The phpMyAdmin project reports: Summary Self-XSS due to unescaped HTML output in recent/favorite tables navigation. Description When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. External references: http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php
Created phpMyAdmin tracking bugs for this issue: Affects: epel-5 [bug 1117602]
Created phpMyAdmin tracking bugs for this issue: Affects: epel-6 [bug 1117603]
Created phpMyAdmin tracking bugs for this issue: Affects: fedora-all [bug 1117604]
phpMyAdmin-4.2.6-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.2.6-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.0.10.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin4-4.0.10.3-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
OpenShift currently ships phpMyAdmin-4.0.10.5 which fixes PMASA-2014-12 and all earlier issues. http://www.phpmyadmin.net/home_page/security/