2609 matches found
CVE-2023-27578
CVE-2023-27578 affects the Galaxy open-source data-analysis platform. The root cause is an insufficient permission check, allowing an attacker to modify or delete any Galaxy Visualization or Galaxy Page, or copy/import a Visualization, if they know the encoded ID. Affected versions include all su...
SAP BusinessObjects Business Intelligence Platform Information Leakage Vulnerability
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. An information disclosure vulnerability exists in SAP BusinessObjects...
CVE-2023-26487
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...
DEBIAN-CVE-2023-26486
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
CVE-2023-26486
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
CVE-2023-26486
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
CVE-2023-26487
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...
Format string
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
Format string
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...
CVE-2023-26486 Vega `scale` expression function cross site scripting
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
CVE-2023-26486
CVE-2023-26486 concerns Vega’s scale expression function, which can pass a user-supplied group to getScale and allow the context to be treated as internal, enabling an escape of the Vega sandbox and arbitrary JavaScript execution. Public sources in the provided documents confirm this is a Vega vu...
CVE-2023-26486 Vega `scale` expression function cross site scripting
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...
CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...
CVE-2023-26487
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...
CVE-2023-26487
Vega’s CVE-2023-26487 is a cross-site scripting vulnerability in the lassoAppend function. The issue stems from the first argument not being strictly typed as an array, allowing objects with a push function (potentially via event.view) to be passed and used in the push call, enabling XSS vectors ...
Grafana vulnerable to Cross-site Scripting
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...
CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...
Cross site scripting
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...
CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...