Description
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.1.10 is recommended to address this issue.
Recommendation
Update the @questdb/web-console package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.1.10
- Patched version(s): 1.1.10
References
Related Issues
- Seroval affected by Denial of Service via Array serialization - CVE-2026-23957
- XSS in the `of` option of the `.position()` util in jquery-ui - CVE-2021-41184
- The AuthKit Remix Library renders sensitive auth data in HTML - CVE-2025-55009
- NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies - CVE-2025-48947
- Tags:
- npm
- @questdb/web-console
Anything's wrong? Let us know Last updated on January 13, 2026