New assessment for topic: CVE-2024-26148
Topic description: "Querybook is a user interface for querying big data ..."
"Entered URL through Draft.js entity data (props.contentState.getEntity(props.entityKey).getData()) in querybook/webapp/lib/richtext/index.tsx (line 13) misses validation of URL schema using Safelist ('http:', 'https:'), resulting in client-side XSS at <Link to={url} newTab> (line 15), enabling ACE when exploited. ..."
Link:
https://attackerkb.com/assessments/4e765b62-7e23-42f7-a194-a9166d3ed70d
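
The safelist check the description says is missing, as an added example (not Querybook's code or its actual patch): the entity's URL is parsed and its scheme compared against 'http:' and 'https:' before it may reach a link component. The names `safeLinkUrl`, `naivePrefixCheck`, `linkPropsFromEntity` and the `url` field of the entity data are assumptions, and all sample inputs are constructed.

```javascript
// Added example: scheme safelist for rich-text link URLs (hypothetical helpers).
const SAFE_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalized URL when its scheme is safelisted, otherwise null.
// Parsing with the WHATWG URL class matters: like the browser, it lowercases
// the scheme, trims leading whitespace and drops tabs/newlines, so the check
// sees the scheme the browser would act on.
function safeLinkUrl(raw) {
  if (typeof raw !== 'string') return null;
  let parsed;
  try {
    parsed = new URL(raw); // no base: relative or scheme-less input fails closed
  } catch {
    return null;
  }
  return SAFE_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Weak alternative shown for contrast: a blocklist prefix test on the raw
// string. It misses mixed case, leading whitespace and every other scheme.
function naivePrefixCheck(raw) {
  return !String(raw).startsWith('javascript:');
}

// Stand-in for the decorator: decide what to render from the entity data
// (assumed shape: { url: string }). Unsafe URLs degrade to plain text.
function linkPropsFromEntity(entityData) {
  const url = safeLinkUrl(entityData && entityData.url);
  return url === null
    ? { render: 'text' }
    : { render: 'link', to: url, newTab: true };
}

// Constructed sample inputs.
const samples = [
  'https://example.com/a?b=1',
  'HTTP://Example.com',
  '  JaVaScRiPt:void(0)',
  'java\tscript:void(0)',
  'data:text/plain,hi',
  'example.com/no-scheme',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeLinkUrl(s), '| naive:', naivePrefixCheck(s));
}
```

The same check belongs wherever the URL is first stored as well as where it is rendered, since entity data saved before a fix can still carry an unchecked value.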