Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Some input passed to the "HTTP_HOST" variable and certain scripts in the libraries directory isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The below fix can be applied for H-Sphere versions: before 2.5

Installation Procedure :

1. Log into the control panel server as root:
su -l
2. Download the archive with the update:
# wget
# fetch
3. Untar the archive:
# tar xfz u-myadmin.tgz
4. Run the update script:
# cd u-myadmin
# /bin/sh

Courtesy :