Apache Superset Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions have an authorization issue vulnerability that stems from incorrect authorization checks in SQLLab. An attacker can exploit the vulnerability to...
Apache Superset Code Execution Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A code execution vulnerability exists in Apache Superset version 2.1.0 and earlier, which can be exploited by an attacker to remotely execute code on a Web backend...
Apache Superset REST API Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...
Apache Superset Security Bypass Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset version 2.1.0 and prior versions, which can be exploited by an attacker to incorrectly create resources using the Import Chart feature...
CVE-2023-39512
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti...
Cross site scripting
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti accounts an...
Cross site scripting
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti...
CVE-2023-39516
CVE-2023-39516 affects Cacti. It is a Stored Cross-Site Scripting (XSS) vulnerability in the data_sources.php component that can be exploited by an authenticated user with the General Administration > Sites/Devices/Data permission to poison data stored in the Cacti database. The poisoned data ...
CVE-2023-39516 Stored Cross-Site-Scripting on data_sources.php debug html-block in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti...
CVE-2023-39366
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti accounts an...
CVE-2023-39366 Stored Cross-site Scripting in data_sources.php through Device-Name in 'select' input in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti accounts an...
CVE-2023-39366
CVE-2023-39366 affects Cacti (web-based monitoring) with a stored XSS in the data_sources view caused by malicious device-name configuration via host.php; the payload can execute in admin users’ browsers when viewing data sources. Affected versions are mitigated by upgrading to Cacti 1.2.25. If u...
CVE-2023-39512
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti...
Hitachi EH-VIEW Buffer Error Vulnerability
Hitachi EH-VIEW is a data visualization and analytics platform from Hitachi, Japan, focused on helping organizations turn data into actionable insights. The goal of this platform is to help organizations better understand their data through visualization, analytics, and reporting tools to make mo...
Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required
Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as...
CVE-2023-37258
DataEase has a SQL injection vulnerability in versions prior to 1.18.9 that can bypass blacklist checks. Root cause: improper handling in SQL construction/validation allows bypassing input filtering. Affected: DataEase open-source data visualization/analysis tool (pre-1.18.9). Impact per sources:...
CVE-2023-37257 The DataEase panel and dataset have a stored XSS vulnerability
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds...
CVE-2023-37257
CVE-2023-37257 is a stored cross-site scripting vulnerability in DataEase prior to version 1.18.9, affecting the DataEase panel and dataset. The root cause is a stored XSS condition in the panel/dataset that could be triggered by user input or data rendering, as documented by multiple sources. Th...
CVE-2023-35164
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...