4 matches found
CVE-2024-27103
Querybook (Big Data Querying UI) is affected by a stored XSS vulnerability (CVE-2024-27103) arising from unsanitized input passed to dangerouslySetInnerHTML during search result highlighting and in the query auto-suggestion feature. The issue is triggered when highlighted results or suggested tab...
CVE-2024-28251
Querybook (Big Data Querying UI) exposes a cross-site websocket hijacking risk due to permissive CORS on its WebSocket Server. The issue affects datadocs functionality where the client communicates with a WebSocket Server to update/read/delete cells and monitor query execution, enabling an attack...
CVE-2022-46151
CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...
CVE-2024-26148
CVE-2024-26148 affects Querybook prior to v3.31.1, where the rich text editor accepts arbitrary URLs without validation, enabling the use of the javascript: protocol and potentially triggering client-side execution. The most severe impact could allow an admin to be compromised via a crafted XSS U...