From secunia security advisory ad $URL:
1) Certain unspecified input related to the page title is not properly sanitised in classes/Misc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed to the "return_url" and "return_desc" parameters in display.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in versions prior to 5.0.3.
Update to version 5.0.3
Ebuild added to CVS.
Arches, please test and mark stable:
target KEYWORDS : "amd64 hppa ppc x86"
looks perfect also on a server
Stable for HPPA.
amd64 done. Thanks Agostino and Elijah
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before
5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1)
a web page title, related to classes/Misc.php; or the (2) return_url or (3)
return_desc parameter to display.php.
ppc stable, last arch done
Please remove vulnerable versions from the tree.