PT-2023-25860 · Dataease · Dataease
5Uper8Ean
·
Publicado
2023-07-25
·
Atualizado
2023-08-01
·
CVE-2023-37257
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
DataEase versions prior to 1.18.9
Description
DataEase is an open source data visualization analysis tool. The DataEase panel and dataset have a stored cross-site scripting vulnerability. The issue has been fixed in version 1.18.9. There are no known workarounds for this issue.
Recommendations
For versions prior to 1.18.9, update to version 1.18.9 to resolve the issue. As a temporary workaround, consider restricting access to the DataEase panel and dataset until the update can be applied.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dataease