1) Go to 'Relation view' of any table.
2) Create a Foreign key constraint.
3) When it asks for 'Constraint name', enter the following:
" /><script>alert("seep");</script><input type="hidden" value="
4) Click save. You will get a pop-up.
I think its because the $constraint_name variable (in concatenation) in tbl_realtion.lib.php file at line number 557 is not escaped.