Cross-Site Scripting Vulnerability in pgAdmin by pgAdmin Development Team
CVE-2025-2946
6.1 MEDIUM
What is CVE-2025-2946?
pgAdmin versions up to 9.1 are vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to inject arbitrary HTML or JavaScript into the application, which can then be executed in the context of a user's browser. By exploiting this flaw, an attacker may manipulate query results to execute malicious scripts, potentially compromising user data and session integrity.
Affected Version(s)
pgAdmin 4 0