Hi team,

I found an XSS vulnerability on the latest pgAdmin4 (6.12).

Step by step:

The bug is at API /browser/server/obj/7/
Object -> Register -> Server -> Connection
Fill in the Hostname/address value: ss"><iframe src=javascript:alert(document.domain)>
Click save, XSS fired.

For any more information, you can ask me.

Thanks,
khoabda
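A defender-side illustration of the report above, added here as an example; it is not part of the original message and is not pgAdmin's code. It assumes the Hostname/address field should hold only a hostname or IP literal, and the function names (is_valid_host, save_host, render_host) are hypothetical.

```python
import html
import ipaddress
import re

# One RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# The Hostname/address value quoted in the report above.
REPORTED_VALUE = 'ss"><iframe src=javascript:alert(document.domain)>'


def is_valid_host(value: str) -> bool:
    """Return True if value is an IP literal or an RFC 1123 hostname."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6 literals
        return True
    except ValueError:
        pass
    name = value[:-1] if value.endswith(".") else value  # allow a trailing dot
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def save_host(value: str) -> str:
    """Hypothetical save handler: reject bad input, return what gets stored."""
    value = value.strip()
    if not is_valid_host(value):
        raise ValueError("Hostname/address must be a hostname or IP address")
    return value


def render_host(value: str) -> str:
    """Encode a stored value for HTML text or a quoted attribute.

    Applied on output regardless of input validation, so values stored
    before validation existed are also rendered inert.
    """
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for sample in ("db.example.internal", "192.0.2.10", "::1", REPORTED_VALUE):
        print(f"{sample!r}: valid={is_valid_host(sample)} "
              f"rendered={render_host(sample)!r}")
```

Validation narrows what can be stored; the output encoding is what keeps the value from being parsed as markup when it is displayed.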