pgAdmin XSS Vulnerability Affects Client-Side Execution of Malicious Scripts
CVE-2024-4216

7.4HIGH

Key Information:

Vendor: Pgadmin.org
Status: Pgadmin 4
Vendor: CVE Published:; 2 May 2024

🔔 Create Pgadmin.org Vulnerability Alert

What is CVE-2024-4216?

An XSS vulnerability exists in pgAdmin versions up to 8.5, affecting the /settings/store API response JSON payload. This flaw enables malicious actors to inject harmful scripts, compromising client-side execution. Exploiting this vulnerability could lead to unauthorized actions and data breach risks for users accessing the affected application.

Affected Version(s)

pgAdmin 4 0

References

https://github.com/pgadmin-org/pgadmin4/issues/7282

issue-tracking

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Apr 25, 2024