phpPgAdmin version 4.1.1 suffers from a cross-site scripting vulnerability.
There is a JavaScript code injection in phpPgAdmin, which fails to correctly
sanitize user-supplied data. As a result, a very simple XSS is possible. This
was tested on phpPgAdmin 4.1.1 as a user who is not logged in.
PoC:
https://test.com/phpPgAdmin/sqledit.php?server=%3A5432%3Aallow');alert(document.cookie);alert('phpPgAdmin%204.1.1%20XSS%20Vulnerability');//
Regards, Michal Majchrowicz.
Hack.pl
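
The following is an added example, not code from phpPgAdmin or from the advisory author. It assumes the `server` value is echoed into a single-quoted JavaScript string (inferred from the `');` prefix and `//` suffix of the PoC) and shows that pattern beside a hardened form; `setServer` and all function names are hypothetical.

```php
<?php
// Added illustration, not phpPgAdmin source; setServer() and all function names are hypothetical.

// Constructed input: the URL-decoded "server" value from the PoC above.
$poc = ":5432:allow');alert(document.cookie);alert('phpPgAdmin 4.1.1 XSS Vulnerability');//";

// Assumed vulnerable pattern: raw concatenation into a single-quoted JS string.
function render_vulnerable(string $server): string
{
    return "<script>setServer('" . $server . "');</script>";
}

// Assumed id shape "host:port:sslmode", inferred from ":5432:allow" in the PoC.
function is_valid_server_id(string $server): bool
{
    return preg_match('/\A[A-Za-z0-9.\-]{0,253}:[0-9]{1,5}:[a-z]{1,16}\z/', $server) === 1;
}

// Build a JS string literal that cannot close the string or the <script> element.
function js_string_literal(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    $json = json_encode($value, $flags);
    if ($json === false) {
        throw new InvalidArgumentException('value is not valid UTF-8');
    }
    return $json;
}

// Hardened: validate first, encode for the JS context second. null means "reject".
function render_hardened(string $server): ?string
{
    if (!is_valid_server_id($server)) {
        return null;
    }
    return '<script>setServer(' . js_string_literal($server) . ');</script>';
}

echo render_vulnerable($poc), "\n";        // the quote in the value ends the JS string early
echo js_string_literal($poc), "\n";        // same value, quotes hex-escaped, stays one string
var_dump(render_hardened($poc));           // PoC value is rejected by the format check
echo render_hardened(':5432:allow'), "\n"; // a well-formed id is rendered as a quoted literal
```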