CVE-2024-4216: pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload

May 2, 2024 (updated May 3, 2024)

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.

References

github.com/advisories/GHSA-xv64-8p4r-94gq
github.com/pgadmin-org/pgadmin4
github.com/pgadmin-org/pgadmin4/commit/e384c9665ae2e72376be7cefa8e652efcee93767
github.com/pgadmin-org/pgadmin4/issues/7282
nvd.nist.gov/vuln/detail/CVE-2024-4216

Detect and mitigate CVE-2024-4216 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →