Lucene search
+L

25 matches found

NVD
NVD
added 2022/12/06 1:15 a.m.24 views

CVE-2022-46151

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauthauth.py and querybook/server/app/auth/oktaauth.py. This may allow attackers to perform reflected cross site scripting...

6.3CVSS0.00415EPSS
Exploits0References2
CVE
CVE
added 2022/12/06 12:33 a.m.50 views

CVE-2022-46151

CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...

6.3CVSS6.1AI score0.00415EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/06 12:33 a.m.24 views

CVE-2022-46151 Reflected XSS

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauthauth.py and querybook/server/app/auth/oktaauth.py. This may allow attackers to perform reflected cross site scripting...

6.3CVSS6.2AI score0.00415EPSS
Exploits0References2
OSV
OSV
added 2021/10/27 1:28 p.m.4 views

SUSE-SU-2021:3555-1 Security update for salt

This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265, CVE-2021-21996...

7.5CVSS7.6AI score0.03514EPSS
Exploits0References3
Prion
Prion
added 2021/03/17 9:15 a.m.13 views

Privilege escalation

The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege...

7.5CVSS9.9AI score0.03751EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder