XSS Bug in Query View

From: Albrecht Scheidig <albrecht(dot)scheidig(at)hype(dot)de>
To: "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: XSS Bug in Query View
Date: 2019-06-19 15:47:59
Message-ID: DB8PR01MB6137253E7ABC07C56EF3AB22E6E50@DB8PR01MB6137.eurprd01.prod.exchangelabs.com
Lists: pgsql-bugs

When entering the following query and hitting 'execute', XSS is executed:

SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';

pgadmin 4.8
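
How the value returned by the query in this report has to be treated before it is placed in an HTML result grid, shown as an added example that is not part of the original message and is not pgAdmin's code. The function names and the extra sample rows are hypothetical; the report does not say how pgAdmin builds its grid.

```javascript
// Added example, not pgAdmin code; all function names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: cell text is concatenated into markup as-is.
function renderRowUnsafe(row) {
  return '<tr>' + row.map((c) => '<td>' + c + '</td>').join('') + '</tr>';
}

// Hardened: every header and cell is encoded before it reaches the markup.
function renderGrid(columns, rows) {
  const head = '<tr>' + columns.map((c) => '<th>' + escapeHtml(c) + '</th>').join('') + '</tr>';
  const body = rows
    .map((r) => '<tr>' + r.map((c) => '<td>' + escapeHtml(c) + '</td>').join('') + '</tr>')
    .join('');
  return '<table>' + head + body + '</table>';
}

// Check helper: tag names an HTML parser would see, other than the grid's own.
function unexpectedTags(html) {
  const allowed = new Set(['table', 'tr', 'th', 'td']);
  const found = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) found.push(name);
  }
  return found;
}

// Sample result set: the string returned by the query in the report,
// plus constructed values (null, a number, an ampersand).
const columns = ['?column?', 'note'];
const rows = [['<<SCRIPT>alert("XSS ");//<</SCRIPT>', null], [42, 'a & b']];

console.log('unsafe row introduces:', unexpectedTags(renderRowUnsafe(rows[0])));
console.log('encoded grid introduces:', unexpectedTags(renderGrid(columns, rows)));
```

In a browser, assigning the cell value through `textContent` instead of `innerHTML` gives the same result without building markup strings.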
