CVE-2024-4216

2024-05-0218:15:07

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

web.nvd.nist.gov

pgadmin

xss

vulnerability

api

json

payload

attackers

malicious

script

client.

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "pgadmin layout"
    ],
    "product": "pgAdmin 4",
    "programFiles": [
      "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/browser/templates/browser/js/utils.js"
    ],
    "repo": "https://github.com/pgadmin-org/pgadmin4",
    "vendor": "pgadmin.org",
    "versions": [
      {
        "lessThan": "8.6",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]