Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2946

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.

Published

2025-04-03T13:15:43.377

Last Modified

2025-04-23T22:24:39.353

Status

Analyzed

Source

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pgadmin	pgadmin_4	≤ 9.1	Yes

References

https://github.com/pgadmin-org/pgadmin4/issues/8602 Issue Tracking (f86ef6dc-4d3a-42ad-8f28-e6d5547a5007)