| عنوان | Teable < release.2026-04-21T08-57-20Z.1513 DOM-Based XSS, Open Redirect |
|---|
| الوصف | A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Teable's sign-up/in functionality before version "release.2026-04-21T08-57-20Z.1513". The application improperly trusts a URL parameter (redirect) during the sign-in flow. An attacker can craft a malicious link that, when clicked and signed-in by a user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
---
Note to moderator: The issue was fixed without notifying the wider user base via a security disclosure. It is reasonable that users self-hosting the product are unaware of the vulnerability. Previously, the project appears to have used semantic versioning with the latest semantic version being 1.10.0, however, it appears the vendor has shifted to a datetime-based versioning (e.g. release.2026-04-21T08-57-20Z.1513). I have attempted to reach out to the vendor regarding a GitHub security advisory, but they have not responded and have marked the ticket in my email thread as closed.
- CVD: https://gist.github.com/TrebledJ/98575dc5aecb47433f02ff942e6aedf1
- Original PR: https://github.com/teableio/teable/pull/2827
- Note: the PR was closed, but the fix was merged in another commit. I'm not sure why. Possibly a
- Actual commit which was merged: https://github.com/teableio/teable/commit/778111de6bcee0a873ba7d91685edc57bf1cdbae#diff-8b5ff6f759ba6de35f3ccf9108151a62d29d967ace491d808587a50ead55644e
- Vendor: https://github.com/teableio
- Product: https://github.com/teableio/teable
- Changelog indicating fix in Apr. 23, 2026: https://help.teable.ai/en/changelog#sharing-and-permission-fixes-5:~:text=Fixed%20a%20reflected%20XSS%20vulnerability%20in%20auth%20pages
- Changelog (backup link): https://web.archive.org/web/20260427172549/https://help.teable.ai/en/changelog
- Go to Apr. 23, 2026, under "3. Duplicate & Delete Tables", click on "Sharing & Permission Fixes (5)", observe "Fixed a reflected XSS vulnerability". |
|---|
| المصدر | ⚠️ https://gist.github.com/TrebledJ/98575dc5aecb47433f02ff942e6aedf1 |
|---|
| المستخدم | trebledj (UID 94356) |
|---|
| ارسال | 29/04/2026 07:12 PM (1 شهر منذ) |
|---|
| الاعتدال | 26/05/2026 12:48 PM (27 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365628 [teableio teable حتى 1.9.x Sign-up LoginPage.tsx redirect البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|