The phpMyAdmin developers have announced the release of version 3.3.5.1 and 2.11.10.1 of their database administration tool. The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify. Read the full article in this article by The H Security Newsroom on The H S&S.
Source: https://threatpost.com/phpmyadmin-closes-code-execution-holes-082310/74364/