Pgadmin · Pgadmin · CVE-2024-4216
Name of the Vulnerable Software and Affected Versions:
pgAdmin versions <= 8.5
Description:
pgAdmin up to and including version 8.5 contains a cross-site scripting (XSS) vulnerability in the `/settings/store` API endpoint. Content carried in the JSON payload that this endpoint returns is rendered at the client without adequate sanitisation, so a remote attacker who can cause a victim's browser to issue a crafted request can execute arbitrary script in the context of the pgAdmin web application, with the privileges of the victim's authenticated session.
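To make the vulnerability class concrete, the following is an added illustration written for this page; it is not pgAdmin's code, and the handler names, the `Response` stand-in and the sample settings form are assumptions. It contrasts a settings endpoint that echoes submitted values back in a JSON body the browser may render as HTML with a hardened version that serves the body as `application/json`, disables MIME sniffing and escapes the characters that start markup inside JSON strings (the same idea as Flask's `tojson` filter). The escaped body still round-trips to the original values for a JSON-aware client.

```python
"""Illustration of an XSS-prone JSON API response and its hardened form.

Added example: this is NOT pgAdmin's code. The handler names, the Response
class and the sample settings form are assumptions made for the illustration.
"""
import json
from dataclasses import dataclass, field

# Constructed sample input: a settings form whose value carries markup.
SAMPLE_FORM = {"theme": "<img src=x onerror=alert(1)>", "font_size": "14"}


@dataclass
class Response:
    """Minimal stand-in for a web framework response object (assumption)."""
    body: str
    status: int = 200
    headers: dict = field(default_factory=dict)


def store_settings_vulnerable(form: dict) -> Response:
    """Echo the submitted settings back verbatim.

    Two weaknesses: the markup in the values is emitted raw, and the
    Content-Type invites the browser to render the body as HTML, so the
    <img> tag in the echoed value is parsed and its onerror handler runs.
    """
    payload = {"success": 1, "info": "Settings stored", "data": form}
    return Response(json.dumps(payload), headers={"Content-Type": "text/html"})


def dumps_html_safe(obj) -> str:
    """Serialise to JSON with the characters that start HTML markup escaped.

    The replacements only ever hit string contents (JSON syntax itself never
    contains these characters), so the output is still valid JSON and
    round-trips to the original values, but it can no longer be parsed as
    markup if it ends up inside an HTML context.
    """
    text = json.dumps(obj)
    return (text.replace("&", "\\u0026")
                .replace("<", "\\u003c")
                .replace(">", "\\u003e"))


def store_settings_hardened(form: dict) -> Response:
    """Same endpoint with the response locked down."""
    payload = {"success": 1, "info": "Settings stored", "data": form}
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",   # no MIME sniffing to text/html
    }
    return Response(dumps_html_safe(payload), headers=headers)


def response_is_xss_safe(resp: Response) -> bool:
    """Check a response the way a reviewer would: right media type, sniffing
    disabled, and no raw markup characters anywhere in the body."""
    ctype = resp.headers.get("Content-Type", "").split(";")[0].strip().lower()
    nosniff = resp.headers.get("X-Content-Type-Options", "").lower() == "nosniff"
    raw_markup = any(ch in resp.body for ch in "<>&")
    return ctype == "application/json" and nosniff and not raw_markup


def decode_settings(resp: Response) -> dict:
    """What a JSON-aware client gets back; the escaping is transparent to it."""
    return json.loads(resp.body)["data"]


if __name__ == "__main__":
    for handler in (store_settings_vulnerable, store_settings_hardened):
        resp = handler(SAMPLE_FORM)
        print(handler.__name__, "safe" if response_is_xss_safe(resp) else "UNSAFE")
        print("  ", resp.body)
```

The server-side escaping is defence in depth, not a substitute for correct rendering on the client: whatever arrives in the payload must be placed into the page with `textContent` or the UI framework's escaping output path, never with `innerHTML` or string-built markup. A Content Security Policy that forbids inline script further limits what an injected payload can do if one of those layers fails.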
Recommendations:
Upgrade to a pgAdmin release later than 8.5; the fix for this issue shipped in pgAdmin 8.6. Where an upgrade cannot be scheduled immediately, reduce exposure in the meantime: restrict access to the pgAdmin web interface to trusted networks and users, and consider blocking the `/settings/store` endpoint at a reverse proxy. Note that `/settings/store` is the endpoint the pgAdmin UI uses to persist user preferences, so blocking it stops settings from being saved and is only a stop-gap. Serving API responses as `application/json` with `X-Content-Type-Options: nosniff` and a Content Security Policy that disallows inline script limits the impact of this class of flaw but does not remove it; only the upgrade does.