Impact
There are vulnerabilities in the following two features:
- Querybook has a search tab where users can search for their queries, datadocs, tables and lists. When a user searches for any of these, the matching text in the search results is marked and highlighted, and this feature uses dangerouslySetInnerHTML, so if the highlighted result contains an XSS payload it will execute. The input to dangerouslySetInnerHTML is not sanitized for the data inside queries, which leads to an XSS vulnerability.
- Querybook lets users create tables, but the names of these tables are not sanitized correctly. During "query auto-suggestion" (I will show what that means) the names of the suggested tables are set with innerHTML, which leads to the XSS vulnerability.
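Both findings share one root cause: user-controlled text (query contents, table names) is handed to an HTML sink (dangerouslySetInnerHTML, innerHTML) without escaping. The following is an added example, not Querybook's code or its fix, showing how a highlighter can produce markup in which only the <mark> wrappers are tags while every character of the original text, including any tags the text itself contained, is escaped. The function names (escapeHtml, escapeRegExp, highlightMatches, onlyMarkTags) and the sample inputs are assumptions constructed for the example.

```javascript
// Added example (not Querybook's code): build search-highlight markup so that
// the only HTML tags in the output are the <mark> wrappers we add ourselves.
// Assumption: the searched text and the search term arrive as plain strings.

// Escape the five characters that can open markup or break out of attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Treat the search term as literal text, not as a regular expression.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Returns HTML in which each case-insensitive occurrence of `term` is wrapped
// in <mark>...</mark>; all text segments, matched or not, are HTML-escaped
// before being concatenated, so a "<script>" inside the text stays inert.
function highlightMatches(text, term) {
  if (!term) return escapeHtml(text);
  const re = new RegExp(escapeRegExp(term), 'gi');
  let out = '';
  let last = 0;
  for (const m of text.matchAll(re)) {
    out += escapeHtml(text.slice(last, m.index));
    out += '<mark>' + escapeHtml(m[0]) + '</mark>';
    last = m.index + m[0].length;
  }
  out += escapeHtml(text.slice(last));
  return out;
}

// Review check: after removing our own <mark> wrappers, no '<' may remain,
// i.e. nothing from the input survived as markup.
function onlyMarkTags(html) {
  return html.replace(/<\/?mark>/g, '').indexOf('<') === -1;
}

// Constructed sample: a query body that happens to contain markup.
const sampleQuery = 'select <b>x</b> from t';
console.log(highlightMatches(sampleQuery, 'x'));
// → select &lt;b&gt;<mark>x</mark>&lt;/b&gt; from t
```

For the auto-suggestion list, where the suggested table name never needs to contain markup, the simpler defence is to avoid an HTML sink altogether: assign the name with textContent (or create a text node) instead of innerHTML, and escaping is not needed because the browser never parses the string as HTML.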
Patches
A patch to rectify this issue has been introduced in Querybook version 3.31.2. The fix is backward compatible and automatically fixes existing search results or table auto suggestions.
Workarounds
At present, there are no workarounds for this issue.
References
Please refer to the commit for more details