7 matches found
CVE-2026-55647 DataEase: authenticated stored XSS in the dashboard text components
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...
EUVD-2025-25143
Malicious code in bioql PyPI...
CVE-2025-54117
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting XSS vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...
Linux Distros Unpatched Vulnerability : CVE-2018-18623
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana 5.3.1 has XSS via the Dashboard Text Panel screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. CVE-2018-18623 Note that...
PT-2025-33664 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.2.3 Description: NamelessMC is a website software for Minecraft servers. A cross-site scripting XSS issue exists in the dashboard text editor component, potentially allowing remote authenticated attackers to...
SUSE CVE-2018-18623
Grafana 5.3.1 has XSS via the "Dashboard Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099...
grafana: XSS vulnerability via the "Dashboard > Text Panel" screen
A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS in the "Dashboard Text Panel" screen...