CVE-2023-25807

DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:50

Type Values Removed Values Added
References () https://github.com/dataease/dataease/commit/cc94fb8e69ddbb37c96d02ec0f0ddcd74273ef49 - Patch () https://github.com/dataease/dataease/commit/cc94fb8e69ddbb37c96d02ec0f0ddcd74273ef49 - Patch
References () https://github.com/dataease/dataease/security/advisories/GHSA-xj3h-3wmw-j5vf - Exploit, Vendor Advisory () https://github.com/dataease/dataease/security/advisories/GHSA-xj3h-3wmw-j5vf - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 7.2

07 Nov 2023, 04:09

Type Values Removed Values Added
Summary DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.

Information

Published : 2023-02-28 16:15

Updated : 2024-11-21 07:50


NVD link : CVE-2023-25807

Mitre link : CVE-2023-25807

CVE.ORG link : CVE-2023-25807


JSON object : View

Products Affected

dataease

  • dataease
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')