{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T09:07:43.120","vulnerabilities":[{"cve":{"id":"CVE-2026-34725","sourceIdentifier":"security-advisories@github.com","published":"2026-04-02T18:16:33.253","lastModified":"2026-06-17T10:39:30.960","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with nodeIntegration: true and contextIsolation: false. This issue has been patched in version 7.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dbgate","product":"dbgate","versions":[{"version":">= 7.0.0, < 7.1.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-02T00:00:00+00:00","id":"CVE-2026-34725","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/dbgate/dbgate/commit/a7d2ed11f3f3d4dfb5d2e4e5467dedafa5fa947e","source":"security-advisories@github.com"},{"url":"https://github.com/dbgate/dbgate/releases/tag/v7.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/dbgate/dbgate/security/advisories/GHSA-35xm-qvjg-8m42","source":"security-advisories@github.com"}]}}]}