Description
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.
Remediation
References
https://lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E
Related Vulnerabilities
CVE-2023-46998 Vulnerability in maven package org.webjars.bowergithub.makeusabrew:bootbox
CVE-2013-7370 Vulnerability in maven package org.webjars.npm:connect
CVE-2023-33937 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.form.web
CVE-2020-7690 Vulnerability in maven package org.webjars.npm:jspdf
CVE-2017-16821 Vulnerability in maven package org.b3log:symphony