Multiple vulnerabilities have been reported in phpPgAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Certain unspecified input related to the page title is not properly sanitised in classes/Misc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed to the "return_url" and "return_desc" parameters in display.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in versions prior to 5.0.3.
