Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
questdb ui Web Console cross site scripting
Vulnerability Description
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.1.10 is recommended to address this issue. The patch is identified as b42fd9f18476d844ae181a10a249e003dafb823d. You should upgrade the affected component. The vendor confirmed early that the fix "is going to be released as a part of QuestDB 9.3.0" as well.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
questdb 代码注入漏洞
Vulnerability Description
questdb是QuestDB开源的一个高性能、时间序列数据库。 questdb 1.11.9及之前版本存在代码注入漏洞,该漏洞源于Web Console组件存在跨站脚本漏洞,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A