CVE-2022-43143

CRITICAL

Beekeeper Studio <3.6.6 - XSS

Title source: llm

Description

A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.

Exploits (1)

nomisec WORKING POC

by goseungduk · poc

https://github.com/goseungduk/beekeeper

View Code ZIP pw:eip

References (1)

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/beekeeper-studio/beekeeper-studio/issues/1393

Scores

CVSS v3 9.6

EPSS 0.0062

EPSS Percentile 70.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (1)

beekeeperstudio/beekeeper-studio 3.6.6

Published Nov 21, 2022

Tracked Since Feb 18, 2026