phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB.
Affected versions of this package are vulnerable to SQL Injection via the
libraries/classes/Display/Results.php classes where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attacker must be able to insert crafted data into certain database tables, which when retrieved can trigger the XSS attack.
phpmyadmin/phpmyadmin to version 4.9.5, 5.0.2 or higher.