PT-2023-25860 · Dataease · Dataease
5Uper8Ean · Published 2023-07-25 · Updated 2023-08-01 · CVE-2023-37257
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DataEase versions prior to 1.18.9
Description
DataEase is an open source data visualization analysis tool. The DataEase panel and dataset have a stored cross-site scripting vulnerability. The issue has been fixed in version 1.18.9. There are no known workarounds for this issue.
Recommendations
For versions prior to 1.18.9, update to version 1.18.9 to resolve the issue. As a temporary workaround, consider restricting access to the DataEase panel and dataset until the update can be applied.
Exploit
Fix
XSS
Affected Products
Dataease