Description
In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards.
Remediation
References
https://lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E
Related Vulnerabilities
CVE-2018-20676 Vulnerability in maven package org.webjars:bootstrap
CVE-2016-1000220 Vulnerability in npm package kibana
CVE-2018-14042 Vulnerability in maven package org.webjars.npm:bootstrap-sass
CVE-2022-31160 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2023-40312 Vulnerability in maven package org.opennms:opennms-webapp