Lucene search

GitHub Advisory DatabaseGHSA-XV64-8P4R-94GQ

HistoryMay 02, 2024 - 6:30 p.m.

pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload

2024-05-0218:30:55

CWE-79

GitHub Advisory Database

github.com

pgadmin

cross-site scripting

api

vulnerability

json payload

attackers

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.

Affected configurations

Vulners

Node

pgadmin4Range≤8.5

CPENameOperatorVersion
pgadmin4le8.5

CPE	Name	Operator	Version
	pgadmin4	le	8.5

References

github.com/advisories/GHSA-xv64-8p4r-94gq

github.com/pgadmin-org/pgadmin4/commit/e384c9665ae2e72376be7cefa8e652efcee93767

github.com/pgadmin-org/pgadmin4/issues/7282

lists.fedoraproject.org/archives/list/[email protected]/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE

nvd.nist.gov/vuln/detail/CVE-2024-4216