2609 matches found
CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible because the values of a span's attributes/resources were not properly sanitized and this...
CVE-2023-25807
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
Code injection
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
CVE-2023-25807
DataEase dashboard storage vulnerability (CVE-2023-25807) allows stored XSS via manipulated saved data. Affected software: DataEase open-source data visualization/analysis tool. Root cause: saving a dashboard can store malicious code which is executed server-side when the dashboard is viewed. Imp...
CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
SquaredUp Dashboard Server SCOM Edition Cross-Site Scripting Vulnerability
SquaredUp Dashboard Server SCOM Edition is a data visualization platform for Microsoft System Center Operations Manager and OMS from SquaredUp. A security vulnerability exists in SquaredUp Dashboard Server SCOM Edition prior to 5.7.1 GA that stems from the SquaredUp SCOM version allowing XSS...
GHSA-PX8H-6QXV-M22Q vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
SUSE CVE-2013-1937
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this ...
SUSE CVE-2016-6615
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. Al...
SUSE CVE-2020-7015
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB...
SUSE CVE-2021-42521
There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and tries to dereference it. It is unsafe as the return value can be NULL and that NULL pointer...
CVE-2023-25577 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
CVE-2023-23934 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:0362-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0362-1 advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1...
openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0353-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0353-1 advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugi...
Apache Superset Access Control Error Vulnerability (CNVD-2023-05217)
An access control error vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, which stems from improper access controls and could be exploited by an unauthenticated attacker to access dashboard configuration metadata using the REST...
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-05220)
A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the dashboard rendering to adequately clean up the content of the Markdown component, which could be exploited b...