| From: | Fahar Abbas <fahar(dot)abbas(at)enterprisedb(dot)com> |
|---|---|
| To: | Albrecht Scheidig <albrecht(dot)scheidig(at)hype(dot)de>, Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: XSS Bug in Query View |
| Date: | 2019-06-20 07:10:30 |
| Message-ID: | CAJFwRrNkdOKtiBfvopLaArzzHTRPVuSCkErS5DLDhmB-b4SorA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hi Albrecht,
Fix will be available in next release of pgadmin4 4.9.
On Wed, Jun 19, 2019 at 8:48 PM Albrecht Scheidig <albrecht(dot)scheidig(at)hype(dot)de>
wrote:
> When entering the following query and hit 'execute', xss is executed:
>
>
> SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';
>
>
> pgadmin 4.8
>
--
Fahar Abbas
QMG
EnterpriseDB Corporation
Phone Office: +92-51-835-8874
Phone Direct: +92-51-8466803
Mobile: +92-333-5409707
Skype ID: *live:fahar.abbas*
Website: www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2019-06-20 07:51:26 | Re: CREATE STATISTICS + Table Inheritance = ERROR: tuple already updated by self |
| Previous Message | Michael Paquier | 2019-06-20 07:03:19 | Re: BUG #15827: Unable to connect on Windows using pg_services.conf using Python psycopg2 |