DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.
References
Link | Resource |
---|---|
https://github.com/dataease/dataease/commit/cc94fb8e69ddbb37c96d02ec0f0ddcd74273ef49 | Patch |
https://github.com/dataease/dataease/security/advisories/GHSA-xj3h-3wmw-j5vf | Exploit Vendor Advisory |
Configurations
History
07 Nov 2023, 04:09
Type | Values Removed | Values Added |
---|---|---|
Summary | DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. |
Information
Published : 2023-02-28 16:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-25807
Mitre link : CVE-2023-25807
CVE.ORG link : CVE-2023-25807
JSON object : View
Products Affected
dataease
- dataease
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')