| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| CVE-2026-12047 | 18 Jun 202623:37 | – | attackerkb | |
| CVE-2026-12047 pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text | 18 Jun 202623:37 | – | cvelist | |
| EUVD-2026-37967 | 19 Jun 202600:31 | – | euvd | |
| [SECURITY] Fedora 43 Update: pgadmin4-9.16-1.fc43 | 28 Jun 202601:10 | – | fedora | |
| [SECURITY] Fedora 44 Update: pgadmin4-9.16-1.fc44 | 28 Jun 202600:58 | – | fedora | |
| Fedora 43 : pgadmin4 (2026-5938be3b09) | 28 Jun 202600:00 | – | nessus | |
| Fedora 44 : pgadmin4 (2026-c248414214) | 28 Jun 202600:00 | – | nessus | |
| pgAdmin < 9.16 HTML Injection (CVE-2026-12047) | 24 Jun 202600:00 | – | nessus | |
| CVE-2026-12047 | 19 Jun 202600:16 | – | nvd | |
| CVE-2026-12047 pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text | 18 Jun 202623:37 | – | osv |
[
{
"vendor": "pgadmin.org",
"product": "pgAdmin 4",
"repo": "https://github.com/pgadmin-org/pgadmin4",
"modules": [
"Cloud Deployment",
"Cloud RDS",
"Cloud Azure",
"Cloud Google"
],
"programFiles": [
"https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/__init__.py",
"https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/rds/__init__.py",
"https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/azure/__init__.py",
"https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/google/__init__.py",
"https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/static/js/CloudWizard.jsx"
],
"versions": [
{
"status": "affected",
"version": "6.6",
"lessThan": "9.16",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| access_key | request body | rds/verify_credentials/ | HTML/JS injection via unsanitised SDK/exception text propagated to JSON response from rds/verify_credentials. | CWE-116, CWE-79 |
| cluster_name | request body | azure/check_cluster_name_availability | HTML/JS injection via unsanitised exception text bubbled into responses from Azure cluster name checks. | CWE-116, CWE-79 |
| credential_info | request body | google/verification_ack | HTML/JS injection through unsanitised exception strings returned by Google SDK paths. | CWE-116, CWE-79 |
| project_id | request body | google/projects | HTML/JS injection via unsanitised error text surfaced in Google project-related endpoints. | CWE-116, CWE-79 |
| region_id | request body | google/regions | HTML/JS injection via unsanitised error strings in Google region lookups. | CWE-116, CWE-79 |
| instance_type | request body | google/instance_types | HTML/JS injection via unsanitised error strings in Google instance type queries. | CWE-116, CWE-79 |
| version_id | request body | google/database_versions | HTML/JS injection via unsanitised error strings in Google database version queries. | CWE-116, CWE-79 |
| access_key | request body | google/verify_credentials/ | HTML/JS injection via unsanitised exception text propagated from Google verify_credentials path. | CWE-116, CWE-79 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation