PT-2024-5169 · pgAdmin +2

Felixtoe · Published 2024-03-14 · Updated 2025-04-17 · CVE-2024-4216

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: pgAdmin versions <= 8.5
Description: A cross-site scripting (XSS) vulnerability in the JSON payload returned by the /settings/store API. Attacker-controlled data reaches the response without adequate encoding, so an attacker with low privileges (PR:L in the vector above) can cause arbitrary script to run in the browser of a user whose pgAdmin session receives the crafted response, with the usual consequences of XSS in an administrative UI: session actions performed as that user and exposure of data shown in the interface.
Recommendations: For pgAdmin versions <= 8.5, as a temporary workaround, block access to the /settings/store API endpoint (for example at a reverse proxy in front of pgAdmin) until a patched release is deployed; the pgAdmin front end uses this endpoint to persist user settings, so expect preference saving to fail while it is blocked. If the endpoint cannot be blocked, make sure its response is served with Content-Type: application/json and X-Content-Type-Options: nosniff and that no user-controlled value is echoed back into the payload unencoded; a browser that treats the body as JSON rather than HTML will not execute script embedded in it. Note that these headers do not help if the pgAdmin UI itself inserts fields from the response into the page as HTML; in that case the front end must render them as text.
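The bug class above (attacker input reflected into an API's JSON response) and the checks in the recommendations are easier to reason about with a concrete model. The block below is an added example, not pgAdmin's code and not the patched handler: it is written in Python because pgAdmin is a Python project, but uses no framework so it runs stand-alone. The handler names, the response shape and the `info`/`data` fields are assumptions for illustration. It pairs a hand-rolled weak handler with a hardened one and runs the same audit over both responses, which is the audit a practitioner would run against a captured response from the real endpoint.

```python
import json

# All of this is an added, hypothetical model of the bug class described above
# (attacker input reflected into an API's JSON response); it is not pgAdmin's
# code and the function and field names are assumptions for illustration.

# Characters that must never appear raw in a JSON body that a browser might
# be tricked into rendering as HTML.
_HTML_UNSAFE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}


def vulnerable_store_response(setting: str, value: str) -> dict:
    """Hypothetical weak handler: hand-builds the JSON text by string
    concatenation and serves it as text/html, so a setting name such as
    '"><script>...' both breaks the JSON structure and lands in the page
    as live HTML."""
    body = '{"success": 1, "info": "Stored ' + setting + '=' + value + '"}'
    return {
        "status": 200,
        "headers": {"Content-Type": "text/html; charset=utf-8"},
        "body": body,
    }


def json_dumps_html_safe(obj) -> str:
    """Serialise with the standard encoder, then rewrite the three HTML
    metacharacters as JSON \\uXXXX escapes. json.loads() still yields the
    original string, but the raw bytes can no longer open a tag."""
    text = json.dumps(obj)  # ensure_ascii=True also escapes U+2028/U+2029
    for ch, esc in _HTML_UNSAFE.items():
        text = text.replace(ch, esc)
    return text


def hardened_store_response(setting: str, value: str) -> dict:
    """Same API, hardened: structured serialisation, HTML-safe escapes, a
    JSON content type and nosniff so the browser never treats the body as a
    document."""
    payload = {
        "success": 1,
        "info": "Settings stored successfully",
        "data": {"setting": setting, "value": value},
    }
    return {
        "status": 200,
        "headers": {
            "Content-Type": "application/json; charset=utf-8",
            "X-Content-Type-Options": "nosniff",
        },
        "body": json_dumps_html_safe(payload),
    }


def audit_response(resp: dict) -> list:
    """Checks to run against a captured response from any JSON endpoint
    (here: against the two model handlers). Returns the list of findings;
    an empty list means the response passed every check."""
    findings = []
    ctype = resp["headers"].get("Content-Type", "")
    if not ctype.lower().startswith("application/json"):
        findings.append("content type %r lets a browser render the body as HTML" % ctype)
    if resp["headers"].get("X-Content-Type-Options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    try:
        json.loads(resp["body"])
    except ValueError:
        findings.append("body is not well-formed JSON: input broke the structure")
    if any(ch in resp["body"] for ch in _HTML_UNSAFE):
        findings.append("raw HTML metacharacters present in body")
    return findings


def decode_setting(resp: dict) -> str:
    """Round-trip helper: the setting name as a JSON consumer would see it."""
    return json.loads(resp["body"])["data"]["setting"]


if __name__ == "__main__":
    # Constructed probe: the classic tag-breakout string used to test reflection.
    probe = '"><script>alert(document.domain)</script>'
    for name, handler in (("vulnerable", vulnerable_store_response),
                          ("hardened", hardened_store_response)):
        resp = handler(probe, "x")
        print(name, "->", audit_response(resp) or "no findings")
        print("   ", resp["body"])
```

Against the weak handler the audit reports all four problems; against the hardened one it reports none, and `decode_setting` shows the escaped value still round-trips to the original string, so the encoding costs nothing for legitimate JSON clients. The same four checks can be applied to a response captured from a live endpoint by filling in its headers and body.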

Tags: Fix · XSS

Weakness Enumeration

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Identifiers

BDU:2024-05720
CVE-2024-4216
GHSA-xv64-8p4r-94gq
openSUSE-SU-2024:14052-1
openSUSE-SU-2024:2260-1
openSUSE-SU-2024:3552-1
SUSE-SU-2024:2260-1
SUSE-SU-2024:3552-1

Affected Products

pgAdmin
RED OS
SUSE