| Título | Teable < release.2026-04-21T08-57-20Z.1513 DOM-Based XSS, Open Redirect |
|---|
| Descripción | A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Teable's sign-up/in functionality before version "release.2026-04-21T08-57-20Z.1513". The application improperly trusts a URL parameter (redirect) during the sign-in flow. An attacker can craft a malicious link that, when clicked and signed-in by a user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
---
Note to moderator: The issue was fixed without notifying the wider user base via a security disclosure. It is reasonable that users self-hosting the product are unaware of the vulnerability. Previously, the project appears to have used semantic versioning with the latest semantic version being 1.10.0, however, it appears the vendor has shifted to a datetime-based versioning (e.g. release.2026-04-21T08-57-20Z.1513). I have attempted to reach out to the vendor regarding a GitHub security advisory, but they have not responded and have marked the ticket in my email thread as closed.
- CVD: https://gist.github.com/TrebledJ/98575dc5aecb47433f02ff942e6aedf1
- Original PR: https://github.com/teableio/teable/pull/2827
- Note: the PR was closed, but the fix was merged in another commit. I'm not sure why. Possibly a
- Actual commit which was merged: https://github.com/teableio/teable/commit/778111de6bcee0a873ba7d91685edc57bf1cdbae#diff-8b5ff6f759ba6de35f3ccf9108151a62d29d967ace491d808587a50ead55644e
- Vendor: https://github.com/teableio
- Product: https://github.com/teableio/teable
- Changelog indicating fix in Apr. 23, 2026: https://help.teable.ai/en/changelog#sharing-and-permission-fixes-5:~:text=Fixed%20a%20reflected%20XSS%20vulnerability%20in%20auth%20pages
- Changelog (backup link): https://web.archive.org/web/20260427172549/https://help.teable.ai/en/changelog
- Go to Apr. 23, 2026, under "3. Duplicate & Delete Tables", click on "Sharing & Permission Fixes (5)", observe "Fixed a reflected XSS vulnerability". |
|---|
| Fuente | ⚠️ https://gist.github.com/TrebledJ/98575dc5aecb47433f02ff942e6aedf1 |
|---|
| Usuario | trebledj (UID 94356) |
|---|
| Sumisión | 2026-04-29 19:12 (hace 1 mes) |
|---|
| Moderación | 2026-05-26 12:48 (27 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 365628 [teableio teable hasta 1.9.x Sign-up LoginPage.tsx redirect secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|