Thank you for reporting this. We will fix this before the next release.

Please report it here - https://redmine.postgresql.org/projects/pgadmin4/issues/new
On Mon, Aug 22, 2022 at 3:03 PM Khoa Bùi Đức Anh <khoabda305@gmail.com> wrote:

Hi team

I found an XSS vulnerability on the latest pgAdmin4 (6.12).

Step by step

Bug is at API /browser/server/obj/7/
Object -> Register -> Server -> Connection
Fill in Hostname/address value ss"><iframe src=javascript:alert(document.domain)>
Click save, XSS fired

For any more information, you can ask me

Thanks
khoabda

--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | edbpostgres.com
"Don't Complain about Heat, Plant a TREE"
Akshay Joshi
Principal Software Architect
+91 9767888246
www.enterprisedb.com