Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Some input passed to the "HTTP_HOST" variable and certain scripts in the libraries directory isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The below fix can be applied for H-Sphere versions: before 2.5

Installation Procedure :

1. Log into the control panel server as root:
su -l
2. Download the archive with the update:
Linux:
# wget http://www.psoft.net/shiv/HS/u-myadmin.tgz
FreeBSD:
# fetch http://www.psoft.net/shiv/HS/u-myadmin.tgz
3. Untar the archive:
# tar xfz u-myadmin.tgz
4. Run the update script:
# cd u-myadmin
# /bin/sh update.sh

Courtesy : Psoft.net