HIGH 7.4
GHSA-xv64-8p4r-94gq
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
Details
pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious scripts on the client side.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-4216 [ADVISORY]
- https://github.com/pgadmin-org/pgadmin4/issues/7282 [WEB]
- https://github.com/pgadmin-org/pgadmin4/commit/e384c9665ae2e72376be7cefa8e652efcee93767 [WEB]
- https://github.com/pgadmin-org/pgadmin4 [PACKAGE]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE [WEB]