pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering
Critical severity
GitHub Reviewed
Published
Apr 3, 2025
to the GitHub Advisory Database
•
Updated Apr 4, 2025
Description
Published by the National Vulnerability Database
Apr 3, 2025
Published to the GitHub Advisory Database
Apr 3, 2025
Reviewed
Apr 4, 2025
Last updated
Apr 4, 2025
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.
References