CVE-2024-4216
Published: 2024-05-02
Priority: P4 (25)
CVSS 3.1: 5.4 (medium), vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.46% (36.6th percentile)
pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script at the client end.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| pgadmin.org | pgadmin_4 | < 8.6 | 8.6 |
| pgadmin | pgadmin_4 | < 8.6 | 8.6 |
GHSA
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
ghsa · 2024-05-02 · CVE-2024-4216 · severity HIGH · CWE-79
pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script at the client end.
OSV
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
osv · 2024-05-02 · CVE-2024-4216 · severity HIGH
pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script at the client end.
Suricata
ET WEB_SPECIFIC_APPS TBK DVR-4104/4216 Command Injection Attempt (CVE-2024-3721)
suricata · 2025-03-26 · CVE-2024-3721 · severity MEDIUM · CVSS 6.3
(Note: this rule covers CVE-2024-3721, a command injection in TBK DVR-4104/4216 devices; it is listed here only because of the "4216" string match and does not detect the pgAdmin issue CVE-2024-4216.)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS TBK DVR-4104/4216 Command Injection Attempt (CVE-2024-3721)"; flow:established,to_server; http.uri; content:"/device.rsp|3f|opt|3d|sys|26|cmd|3d 5f 5f 5f|S|5f|O|5f|S|5f|T|5f|R|5f|E|5f|A|5f|MAX|5f 5f 5f|"; startswith; fast_pattern; content:"mdb|3d|"; within:20; content:"mdc|3d|"; within:20; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:cve,2024-3721; reference:url,github.com/netsecfish/tbk_dvr_command_injection; classtype:attempted-admin; sid:2061111; rev:1; metadata:affected_product DVR, attack_target IoT, tls_state plaintext, created_at 2025_03_26, cve CVE_2024_3721, deployment
No public exploits indexed.
References
- https://github.com/pgadmin-org/pgadmin4/issues/7282
- https://lists.fedoraproject.org/archives/list/[email protected]/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/
Published: 2024-05-02