MidnightBSD

Advisories for beekeeperstudio

CVE-2022-26174 HIGH

A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-116

Products Affected

Vendor Product Version
beekeeperstudio beekeeper-studio *

CVE-2022-43143

A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.

Products Affected

Vendor Product Version
beekeeperstudio beekeeper-studio 3.6.6

CVE-2023-28394

Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.

Products Affected

Vendor Product Version
beekeeperstudio beekeeper-studio *