Home > mailing lists

XSS Bug in Query View - Mailing list pgsql-bugs

From	Albrecht Scheidig
Subject	XSS Bug in Query View
Date	June 19, 2019 18:47:59
Msg-id	DB8PR01MB6137253E7ABC07C56EF3AB22E6E50@DB8PR01MB6137.eurprd01.prod.exchangelabs.com Whole thread Raw
Responses	Re: XSS Bug in Query View
List	pgsql-bugs

When entering the following query and hit 'execute', xss is executed:

SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';

pgadmin 4.8

From: Tom Lane
Date: 19 June 2019, 17:42:53
Subject: Re: BUG #15860: Postgresql service does not start when the pg_hba.conf is changed

From: Juan José Santamaría Flecha
Date: 19 June 2019, 19:07:14
Subject: Re: BUG #15858: could not stat file - over 4GB