Description
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.1.10 is recommended to address this issue.
Recommendation
Update the @questdb/web-console package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.1.10
- Patched version(s): 1.1.10
References
Related Issues
- CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage - CVE-2026-26862
- Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload - CVE-2026-30948
- Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler - CVE-2026-1721
- mailparser vulnerable to Cross-site Scripting - CVE-2026-3455
- Tags:
- npm
- @questdb/web-console
Anything's wrong? Let us know Last updated on January 13, 2026