phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*" ] }