Teable
Monthly
Cross-site scripting in Teable's authentication redirect flow (versions 1.0-1.9.x) allows a remote unauthenticated attacker to inject and execute arbitrary JavaScript in a victim's browser by crafting a login URL with a malicious `redirect` parameter using javascript: or data: URI schemes. The vulnerable component is LoginPage.tsx in the Next.js frontend and the social auth controller adapter in the NestJS backend, neither of which validated the redirect destination before navigating. Publicly available exploit code exists (GitHub gist), but the vulnerability is not listed in CISA KEV and EPSS probability is very low at 0.04% (11th percentile), indicating no confirmed widespread exploitation.
Cross-site scripting in Teable's authentication redirect flow (versions 1.0-1.9.x) allows a remote unauthenticated attacker to inject and execute arbitrary JavaScript in a victim's browser by crafting a login URL with a malicious `redirect` parameter using javascript: or data: URI schemes. The vulnerable component is LoginPage.tsx in the Next.js frontend and the social auth controller adapter in the NestJS backend, neither of which validated the redirect destination before navigating. Publicly available exploit code exists (GitHub gist), but the vulnerability is not listed in CISA KEV and EPSS probability is very low at 0.04% (11th percentile), indicating no confirmed widespread exploitation.