XSS Bug in Query View

XSS Bug in Query View

Albrecht Scheidig

When entering the following query and hitting 'execute', XSS is executed:


SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';


pgadmin 4.8


Re: XSS Bug in Query View

fahar
Hi Albrecht,

The fix will be available in the next release of pgadmin4, 4.9.

On Wed, Jun 19, 2019 at 8:48 PM Albrecht Scheidig <[hidden email]> wrote:

When entering the following query and hitting 'execute', XSS is executed:


SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';


pgadmin 4.8



--
Fahar Abbas
QMG
EnterpriseDB Corporation
Phone Office: +92-51-835-8874
Phone Direct: +92-51-8466803
Mobile: +92-333-5409707
Skype ID: live:fahar.abbas
Website: www.enterprisedb.com
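
Added example, not part of this thread and not pgAdmin's code: assuming the cause is that a query result value reaches the page as markup without output encoding, the code below contrasts a hypothetical result-grid renderer that concatenates cell values with one that HTML-encodes them. All function names are assumptions, and the sample rows are constructed from the value the reported SELECT returns.

```javascript
// Added example: hypothetical renderer functions, not pgAdmin's own code.
// Characters that are significant in HTML element content and quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value so the browser displays it as text instead of parsing it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the cell value is concatenated into markup unchanged.
function renderCellUnsafe(value) {
  return '<td>' + value + '</td>';
}

// Hardened pattern: NULL gets a fixed marker, every other value is encoded.
function renderCellSafe(value) {
  if (value === null || value === undefined) return '<td class="null">[null]</td>';
  return '<td>' + escapeHtml(value) + '</td>';
}

// Build the result table. Column names are data from the server too, so they are encoded.
function renderResultGrid(columns, rows, renderCell = renderCellSafe) {
  const head = '<tr>' + columns.map((c) => '<th>' + escapeHtml(c) + '</th>').join('') + '</tr>';
  const body = rows.map((row) => '<tr>' + row.map(renderCell).join('') + '</tr>').join('');
  return '<table>' + head + body + '</table>';
}

// Constructed sample data: the reported value, a benign value containing
// special characters, and a NULL.
const columns = ['?column?'];
const rows = [['<<SCRIPT>alert("XSS ");//<</SCRIPT>'], ['a < b && c'], [null]];

const unsafeHtml = renderResultGrid(columns, rows, renderCellUnsafe);
const safeHtml = renderResultGrid(columns, rows);

console.log('unsafe:', unsafeHtml); // contains a live <SCRIPT> element
console.log('safe:  ', safeHtml);   // the same value, shown as inert text
```

In a browser, assigning the cell value through `textContent` instead of building an HTML string gives the same result without a hand-written encoder.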