Lines 393 to 395 and 517 to 520 data is echoed from $_REQUEST without sanitisation. Fixed this with a simple htmlentities;
Thank you for the patch.
But these vulnerabilities have been fixed in the subsequent releases. See . Specific commits that fix these vulnerabilities are  & .
Please use firstname.lastname@example.org email address to report security issues in phpMyAdmin. More information can be found at