Re: XSS Bug in Query View - Mailing list pgsql-bugs

From Fahar Abbas
Subject Re: XSS Bug in Query View
Date
Msg-id CAJFwRrNkdOKtiBfvopLaArzzHTRPVuSCkErS5DLDhmB-b4SorA@mail.gmail.com
In response to XSS Bug in Query View  (Albrecht Scheidig <albrecht.scheidig@hype.de>)
List pgsql-bugs
Hi Albrecht,

The fix will be available in the next release of pgadmin4, 4.9.

On Wed, Jun 19, 2019 at 8:48 PM Albrecht Scheidig <albrecht.scheidig@hype.de> wrote:

> When entering the following query and hitting 'execute', XSS is executed:
>
> SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';
>
> pgadmin 4.8



--
Fahar Abbas
QMG
EnterpriseDB Corporation
Phone Office: +92-51-835-8874
Phone Direct: +92-51-8466803
Mobile: +92-333-5409707
Skype ID: live:fahar.abbas
Website: www.enterprisedb.com
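
The class of bug reported in this thread, as an added example that is not part of the original messages and is not pgAdmin's code or its actual fix: a result grid that concatenates cell values into markup, next to a version that escapes every server-supplied value at output. All function names are hypothetical, and the sample row is constructed from the query in the report.

```javascript
// Added illustration; not pgAdmin code. All names here are hypothetical.

// Characters that change meaning in HTML text or quoted-attribute context.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  // A database NULL is shown as a literal marker, never as markup.
  if (value === null || value === undefined) return '[null]';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the cell value is concatenated into markup, so the browser
// parses whatever the query returned as HTML.
function renderRowUnsafe(row) {
  return '<tr>' + row.map((cell) => '<td>' + cell + '</td>').join('') + '</tr>';
}

// After: every value that came from the server is escaped where it is output.
function renderRowSafe(row) {
  return '<tr>' + row.map((cell) => '<td>' + escapeHtml(cell) + '</td>').join('') + '</tr>';
}

// Column names also originate from the query, so they get the same treatment.
function renderGrid(columns, rows) {
  const head = '<tr>' + columns.map((c) => '<th>' + escapeHtml(c) + '</th>').join('') + '</tr>';
  return '<table>' + head + rows.map(renderRowSafe).join('') + '</table>';
}

// Constructed sample: the string literal returned by the query in the report,
// plus a NULL and a number to show non-string cells.
const reported = '<<SCRIPT>alert("XSS ");//<</SCRIPT>';
const unsafeHtml = renderRowUnsafe([reported]);
const safeHtml = renderGrid(['?column?', 'note', 'n'], [[reported, null, 42]]);

console.log(unsafeHtml);
console.log(safeHtml);
```

In DOM code, assigning the value to a node's `textContent` gives the same result without building HTML strings.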
