Upstream has issued an advisory on February 20:
phpMyAdmin 4.7.8 has been released, fixing this issue:
Mageia 6 is also affected.
Fixed upstream in 4.7.8Whiteboard:
Thanks for the report. Version 4.7.8 submitted to cauldron and MGA6.
Mageia 6 update hasn't been pushed yet.
(In reply to David Walser from comment #2)
> Mageia 6 update hasn't been pushed yet.
You are right, now it is pushed.
Updated phpmyadmin package fixes security vulnerability:
A self-cross site scripting (XSS) vulnerability has been reported relating to
the central columns feature (CVE-2018-7260).
Updated packages in core/updates_testing:
AFTER update to: phpmyadmin-4.7.8-1.mga6
Chose UK English language at login, created a database, one table, 4 different fields, first made unique & index, inserted rows, edited data, deleted by row, deleted table, deleted the DB. All looks OK, so OKing & validating the update as it has nothing to do with the current Qt update.
An update for this issue has been pushed to the Mageia Updates repository.