CVE-2026-34725
Published 2026-04-02
Priority: P3 · 39 | Severity: high | CVSS 3.1 base score: 8.2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.17% (6.5th percentile)
DbGate is a cross-platform database manager. From version 7.0.0 up to, but not including, version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with nodeIntegration: true and contextIsolation: false. This issue has been patched in version 7.1.5.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dbgate | dbgate | >= 7.0.0, < 7.1.5 | 7.1.5 |
OSV · 2026-04-01
CVE-2026-34725 [HIGH] dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
### Summary
A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with `nodeIntegration: true` and `contextIsolation: false`.
### Details
The issue is in the icon rendering path:
- `packages/web/src/icons/FontIcon.svelte`
- treats any icon string starting with ``
This makes `applicationIcon` a stored XSS sink.
An attacker who can create or modify an app definition can store a payload in `applicationIcon`. When another user v
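One defender-side check for this class of bug, as an added example that is not DbGate's code: instead of rendering a stored icon string as raw HTML, validate it against a strict allowlist of static SVG elements and presentational attributes and reject anything else (script elements, on* handlers, links, style, comments, malformed markup). The allowlists and the function name `isSafeSvgIcon` are assumptions; the sample icons in the comments are constructed.

```javascript
// Added example (not DbGate's code): strict allowlist validation of a user-supplied
// SVG icon string. Anything outside a small vocabulary of static shape elements and
// presentational attributes is rejected, so a string that passes contains no script
// element, no on* handler, no href/style and no comment or CDATA. Allowlists are assumptions.
const ALLOWED_TAGS = new Set([
  'svg', 'g', 'path', 'circle', 'rect', 'line', 'polyline', 'polygon', 'ellipse', 'title',
]);
const ALLOWED_ATTRS = new Set([
  'xmlns', 'viewBox', 'width', 'height', 'fill', 'stroke', 'stroke-width', 'stroke-linecap',
  'stroke-linejoin', 'd', 'cx', 'cy', 'r', 'rx', 'ry', 'x', 'y', 'x1', 'y1', 'x2', 'y2',
  'points', 'transform', 'opacity', 'class',
]);

// One well-formed start or end tag: a name, then attributes with quoted or bare values.
const TAG_RE = /<\/?([A-Za-z][\w:-]*)((?:\s+[^\s=>/]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)\s*\/?>/g;
const ATTR_RE = /([^\s=>/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Returns true only for a string made solely of allowlisted tags and attributes,
// e.g. the constructed icon '<svg xmlns="http://www.w3.org/2000/svg"><path d="M3 3h18"/></svg>'.
function isSafeSvgIcon(icon) {
  if (typeof icon !== 'string' || !icon.trim().startsWith('<svg')) return false;
  let text = ''; // everything that is not a recognised tag
  let last = 0;
  for (const m of icon.matchAll(TAG_RE)) {
    text += icon.slice(last, m.index);
    last = m.index + m[0].length;
    if (!ALLOWED_TAGS.has(m[1].toLowerCase())) return false; // e.g. script, a, foreignObject
    if (m[0].startsWith('</')) continue;
    for (const a of m[2].matchAll(ATTR_RE)) {
      if (!ALLOWED_ATTRS.has(a[1])) return false;            // on*, href, style, ... rejected
      const value = a[2] ?? a[3] ?? a[4] ?? '';
      if (/[<>&]/.test(value)) return false;                 // no markup or entities in values
    }
  }
  text += icon.slice(last);
  // A leftover '<' or '>' means an unparsed construct (comment, CDATA, malformed tag).
  return !/[<>]/.test(text);
}
```

A string that fails should be shown as plain text or replaced by a default icon rather than "cleaned up". This check does not replace fixing the renderer settings the advisory names (nodeIntegration: true, contextIsolation: false), which turn any remaining XSS into local code execution.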
GHSA · 2026-04-01 (advisory text identical to the OSV record above)
CVE-2026-34725 [HIGH] CWE-79 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
No detection rules found.
No public exploits indexed.