In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. https://www.phpmyadmin.net/security/PMASA-2023-1/
Created phpMyAdmin tracking bugs for this issue: Affects: epel-7 [bug 2169542] Affects: fedora-all [bug 2169541]