Browse all 4 CVE security advisories affecting pinterest. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pinterest operates as a visual discovery and bookmarking platform, allowing users to discover and save ideas across various categories. Historically, common vulnerabilities include cross-site scripting (XSS) and remote code execution (RCE), often stemming from improper input validation and insecure API endpoints. The platform has faced security incidents, including a 2019 data exposure affecting 325 million accounts due to a credential stuffing attack. Pinterest maintains standard security practices but has been susceptible to common web application vulnerabilities, with its four CVE records primarily reflecting XSS and RCE flaws. The platform's user-generated content nature necessitates robust input filtering to mitigate persistent security risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-28251 | Cross-site websocket hijacking in Querybook — querybookCWE-345 | 5.6 | Medium | 2024-03-13 |
| CVE-2024-27103 | Querybook Stored Cross-Site Scripting allows Privilege Elevation — querybookCWE-79 | 6.1 | Medium | 2024-02-28 |
| CVE-2024-26148 | Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation — querybookCWE-79 | 6.1 | Medium | 2024-02-21 |
| CVE-2022-46151 | Reflected XSS — querybookCWE-79 | 6.3 | Medium | 2022-12-06 |
This page lists every published CVE security advisory associated with pinterest. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.