DataEase dashboard has a stored XSS vulnerability

DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

DataEase 跨站脚本漏洞

DataEase是一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势，从而实现业务的改进与优化。 DataEase 1.18.3之前版本存在安全漏洞，该漏洞源于保存的数据可以被修改并存储恶意代码，攻击者利用该漏洞可以执行存储在服务器端的恶意代码。

N/A

N/A