Lucene search
K
PinterestQuerybook

4 matches found

CVE
CVE
added 2024/02/28 5:41 p.m.122 views

CVE-2024-27103

Querybook (Big Data Querying UI) is affected by a stored XSS vulnerability (CVE-2024-27103) arising from unsanitized input passed to dangerouslySetInnerHTML during search result highlighting and in the query auto-suggestion feature. The issue is triggered when highlighted results or suggested tab...

6.1CVSS6.1AI score0.00355EPSS
CVE
CVE
added 2024/03/13 11:21 p.m.77 views

CVE-2024-28251

Querybook (Big Data Querying UI) exposes a cross-site websocket hijacking risk due to permissive CORS on its WebSocket Server. The issue affects datadocs functionality where the client communicates with a WebSocket Server to update/read/delete cells and monitor query execution, enabling an attack...

7.3CVSS5.4AI score0.00239EPSS
CVE
CVE
added 2022/12/06 12:33 a.m.48 views

CVE-2022-46151

CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...

6.3CVSS6.1AI score0.00415EPSS
CVE
CVE
added 2024/02/21 10:35 p.m.37 views

CVE-2024-26148

CVE-2024-26148 affects Querybook prior to v3.31.1, where the rich text editor accepts arbitrary URLs without validation, enabling the use of the javascript: protocol and potentially triggering client-side execution. The most severe impact could allow an admin to be compromised via a crafted XSS U...

6.1CVSS6.2AI score0.0053EPSS