EUVD-2022-29635

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Metabase includes a development endpoint that may allow XSS attacks and phishing attempts. Upgrade now.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2022-24855	15 Apr 202202:19	–	circl
CNNVD	Metabase 跨站脚本漏洞	14 Apr 202200:00	–	cnnvd
CVE	CVE-2022-24855	14 Apr 202221:35	–	cve
Cvelist	CVE-2022-24855 XSS vulnerability in Metabase	14 Apr 202221:35	–	cvelist
Tenable Nessus	Metabase 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.40.x < 1.40.8 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4	9 Sep 202500:00	–	nessus
NVD	CVE-2022-24855	14 Apr 202222:15	–	nvd
OSV	CVE-2022-24855 XSS vulnerability in Metabase	14 Apr 202221:35	–	osv
Prion	Cross site scripting	14 Apr 202222:15	–	prion
RedhatCVE	CVE-2022-24855	5 Feb 202521:48	–	redhatcve
Vulnrichment	CVE-2022-24855 XSS vulnerability in Metabase	14 Apr 202221:35	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "b63c367b-2e22-3889-addb-753c4fd321d0",
        "vendor": {
          "name": "metabase"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "59be3fdf-40d7-31ae-a81d-df2711f16941",
        "product": {
          "name": "Metabase"
        },
        "product_version": "0.40.0, < 0.40.8"
      },
      {
        "id": "6a7dc8b0-6c64-3849-b293-cff8487e26d4",
        "product": {
          "name": "Metabase"
        },
        "product_version": "0.42.0, < 0.42.4"
      },
      {
        "id": "744f424e-bdde-3375-b4b6-c1597e8eeac9",
        "product": {
          "name": "Metabase"
        },
        "product_version": "0.41.0, < 0.41.7"
      },
      {
        "id": "80372a39-8325-3818-a5e1-4a043d3e389b",
        "product": {
          "name": "Metabase"
        },
        "product_version": "1.41.0, < 1.41.7"
      },
      {
        "id": "836a850d-e5b6-3b30-9152-51abb9512a14",
        "product": {
          "name": "Metabase"
        },
        "product_version": "1.40.0, < 1.40.8"
      },
      {
        "id": "9011cd01-3a2b-3411-938b-bee6e93f9500",
        "product": {
          "name": "Metabase"
        },
        "product_version": "1.42.0, < 1.42.4"
      }
    ]
  }
]

Source	Link
github	www.github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr
github	www.github.com/metabase/metabase/releases/tag/v0.42.4

03 Oct 2025 20:07Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.4 - 8.7

CVSS 23.5

EPSS0.0042

SSVC