CVE-2018-0697
Metabase is affected by a cross-site scripting vulnerability (CWE-79) in version 0.29.3 and earlier. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially affecting a logged-in user’s browser session. Public details across multiple s...