Bug 2278851 (CVE-2024-4216) - CVE-2024-4216 pgadmin4: XSS in /settings/store endpoint
Summary: CVE-2024-4216 pgadmin4: XSS in /settings/store endpoint
Keywords:
Status: NEW
Alias: CVE-2024-4216
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2278855 2278853 2278857
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-05-03 11:13 UTC by TEJ RATHI
Modified: 2024-05-03 11:18 UTC (History)
0 users

Fixed In Version: pgadmin4 rel-8_6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description TEJ RATHI 2024-05-03 11:13:48 UTC
pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.

https://github.com/pgadmin-org/pgadmin4/issues/7282

Comment 1 TEJ RATHI 2024-05-03 11:16:52 UTC
Created pgadmin4 tracking bugs for this issue:

Affects: fedora-38 [bug 2278853]
Affects: fedora-39 [bug 2278855]
Affects: fedora-40 [bug 2278857]


Note You need to log in before you can comment on or make changes to this bug.