Package: phppgadmin
Version: 4.0.1-3.2
Tags: security
Severity: important

A cross-site scripting vulnerability has been disclosed in phppgadmin:


| There is a JavaScript code Injection in phpPgAdmin which fails to correctly
| sanitize user supplied data. As a result very simple XSS is possible. This
| was tested on phpPgAdmin 4.1.1 as not logged user.
| PoC:
| https://test.com/phpPgAdmin/sqledit.php?server=%3A5432%3Aallow');alert(document.cookie);alert('phpPgAdmin%204.1.1%20XSS%20Vulnerability');//
| Regards Michal Majchrowicz.

<http://marc.info/?l=full-disclosure&m=117987658110713&w=2>

Please mention the name CVE-2007-2865 in the changelog when fixing
this bug.


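The `');` prefix in the PoC suggests the `server` parameter is written into a single-quoted JavaScript string without encoding. The following is an added example, not phpPgAdmin's code and not the upstream fix: it contrasts that pattern with context-aware output encoding plus allow-list validation. All function names are hypothetical, and the `host:port:sslmode` shape is an assumption inferred from the PoC's `:5432:allow`.

```php
<?php
// Added example with hypothetical names; this is not phpPgAdmin's source.

// Vulnerable pattern: the request value is pasted into a single-quoted
// JavaScript string, so a quote in the input ends the string early.
function render_vulnerable(string $server): string
{
    return "<script>var server = '" . $server . "';</script>";
}

// Hardened pattern: encode for "JavaScript string inside an HTML <script>".
// json_encode() emits a complete double-quoted literal; the JSON_HEX_* flags
// turn <, >, &, ' and " into \uXXXX escapes, so the value can neither close
// the string nor close the surrounding <script> element.
function js_string(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
            | JSON_THROW_ON_ERROR // PHP 7.3+: reject invalid UTF-8 instead of returning false
    );
}

function render_hardened(string $server): string
{
    return '<script>var server = ' . js_string($server) . ';</script>';
}

// Defence in depth: accept only the expected identifier shape.
// Assumption: "host:port:sslmode", with an empty host allowed as in the PoC.
function valid_server_id(string $server): bool
{
    return preg_match('/\A[A-Za-z0-9.\-]*:\d{1,5}:[a-z]+\z/', $server) === 1;
}

// The decoded `server` value from the PoC URL quoted in this report.
$poc = rawurldecode(
    "%3A5432%3Aallow');alert(document.cookie);"
    . "alert('phpPgAdmin%204.1.1%20XSS%20Vulnerability');//"
);

echo render_vulnerable($poc), "\n";        // input escapes the string literal
echo render_hardened($poc), "\n";          // input stays inside the literal
var_dump(valid_server_id($poc));           // rejected by the allow-list
var_dump(valid_server_id(':5432:allow'));  // well-formed identifier accepted
```

Encoding must match the output context: `htmlspecialchars()` alone is the right tool for HTML text and attributes, not for a value placed inside a script block.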