Description
An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)
WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.5)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-9585)