Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/02 6:2 p.m.3 views

CVE-2026-34725 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...

8.2CVSS6.2AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2026/04/02 6:2 p.m.8 views

CVE-2026-34725

DbGate (multi-platform: web and Electron desktop) contains a stored XSS in the icon rendering path impacting versions 7.0.0–7.1.5. Attacker-controlled SVG icons stored as applicationIcon are rendered without sanitization, enabling script execution in another user’s browser (web UI) and, in Electr...

8.2CVSS6.2AI score0.00168EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/01 10:19 p.m.7 views

dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

Summary A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...

8.2CVSS6.3AI score0.00168EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/01 10:19 p.m.3 views

GHSA-35XM-QVJG-8M42 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

Summary A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...

8.2CVSS6.3AI score0.00168EPSS
Exploits0References5
Rows per page
Query Builder