Critical severityNVD Advisory· Published Apr 3, 2025· Updated Apr 3, 2025
Cross-Site Vulnerability(XSS) due to arbitrary HTML/JavaScript gets executed while query result rendering in Query Tool and View/Edit Data Tool of pgAdmin 4
CVE-2025-2946
Description
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pgadmin4PyPI | < 9.2 | 9.2 |
Affected products
3- ghsa-coords2 versions
< 9.2+ 1 more
- (no CPE)range: < 9.2
- (no CPE)range: < 9.2-1.1
- Range: 0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-2rrx-pphc-qfv9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-2946ghsaADVISORY
- github.com/pgadmin-org/pgadmin4/commit/1305d9910beefd0d6b4c7eb4f111f86edb1d356bghsaWEB
- github.com/pgadmin-org/pgadmin4/issues/8602ghsaissue-trackingWEB
News mentions
0No linked articles in our index yet.