Description
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.
Remediation
References
https://lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E
Related Vulnerabilities
CVE-2019-10325 Vulnerability in maven package io.jenkins.plugins:warnings-ng
CVE-2019-9737 Vulnerability in maven package org.webjars.npm:editor.md
CVE-2022-29252 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
CVE-2018-1999007 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-34305 Vulnerability in maven package org.apache.tomcat:tomcat