
34 matches found

Positive Technologies
added 2024/02/28 12:0 a.m. · 4 views

PT-2024-21652 · Querybook · Querybook

Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.31.2. Description: The issue arises from the use of dangerouslySetInnerHTML when highlighting search results, which can trigger an XSS payload if the result contains malicious code. Additionally, during "query...

CVSS 6.1 · AI score 6 · EPSS 0.00494
Exploits 0 · References 8

CNNVD
added 2024/02/28 12:0 a.m. · 3 views

Querybook Security Vulnerability

Querybook is an open source big data query UI for Pinterest. A security vulnerability exists in Querybook versions prior to 3.31.2 that stems from insufficient cleaning of inputs, leading to a cross-site scripting XSS vulnerability...

CVSS 6.1 · AI score 5.9 · EPSS 0.00494
Exploits 0 · References 3

NVD
added 2024/02/21 11:15 p.m. · 7 views

CVE-2024-26148

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 · AI score 6.2 · EPSS 0.00317
Exploits 0 · References 3

Prion
added 2024/02/21 11:15 p.m. · 21 views

Cross site scripting

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 5.8 · AI score 6.8 · EPSS 0.00317
Exploits 0 · References 3

OSV
added 2024/02/21 10:35 p.m. · 10 views

CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 · AI score 6 · EPSS 0.00317
Exploits 0 · References 5

CVE
added 2024/02/21 10:35 p.m. · 29 views

CVE-2024-26148

CVE-2024-26148 affects Querybook prior to v3.31.1, where the rich text editor accepts arbitrary URLs without validation, enabling the use of the javascript: protocol and potentially triggering client-side execution. The most severe impact could allow an admin to be compromised via a crafted XSS U...

CVSS 6.1 · AI score 6.2 · EPSS 0.00317
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/02/21 10:35 p.m. · 11 views

CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 · AI score 6.3 · EPSS 0.00317
Exploits 0 · References 3

Vulnrichment
added 2024/02/21 10:35 p.m. · 10 views

CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 · AI score 6.4 · EPSS 0.00317
Exploits 0 · References 3

CNNVD
added 2024/02/21 12:0 a.m. · 2 views

Querybook Cross-Site Scripting Vulnerability

Querybook is an open source big data query UI for Pinterest. A cross-site scripting vulnerability exists in Querybook versions prior to 3.31.1, which stems from allowing users to enter arbitrary URLs without the required validation...

CVSS 6.1 · AI score 6.2 · EPSS 0.00317
Exploits 0 · References 5

NVD
added 2022/12/06 1:15 a.m. · 12 views

CVE-2022-46151

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauth_auth.py and querybook/server/app/auth/okta_auth.py. This may allow attackers to perform reflected cross site scripting...

CVSS 6.3 · EPSS 0.00288
Exploits 0 · References 2

CVE
added 2022/12/06 12:33 a.m. · 44 views

CVE-2022-46151

CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...

CVSS 6.3 · AI score 6.1 · EPSS 0.00288
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/12/06 12:33 a.m. · 13 views

CVE-2022-46151 Reflected XSS

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauth_auth.py and querybook/server/app/auth/okta_auth.py. This may allow attackers to perform reflected cross site scripting...

CVSS 6.3 · AI score 5.8 · EPSS 0.00288
Exploits 0 · References 4

CNNVD
added 2022/12/06 12:0 a.m. · 1 views

Querybook Cross-Site Scripting Vulnerability

Querybook is an open source big data query UI for Pinterest. Querybook suffers from a cross-site scripting vulnerability that stems from not escaping fields in user-supplied data. An attacker exploits this vulnerability to execute a cross-site scripting exploit...

CVSS 6.3 · AI score 6 · EPSS 0.00288
Exploits 0 · References 3

Positive Technologies
added 2022/12/06 12:0 a.m. · 2 views

PT-2022-27768 · Querybook · Querybook

Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.14.2. Description: The issue concerns Querybook, an open source data querying UI. In affected versions, user-provided data is not escaped in the error field of the auth callback URL in...

CVSS 6.3 · AI score 5.9 · EPSS 0.00288
Exploits 0 · References 7