702 matches found
CVE-2023-28435 Dataease file upload interface does not verify permission or file type
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...
CVE-2023-28435
Dataease file-upload vulnerability: permissions are not checked and file types are unchecked, enabling non-logged-in users to upload arbitrary files. Affected versions prior to 1.18.5. Remediation: upgrade to 1.18.5 (or apply provided fix).
PT-2023-21720 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 1.18.5 Description: Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. Recommendations: For versions prior to 1.18.5, update to version...
PT-2023-21718 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 1.18.5 Description: The issue concerns the file upload interface in Dataease, where permissions are not properly checked, allowing users who are not logged in to upload files directly to the background. Additionally...
DataEase cross-site scripting vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A cross-site scripting vulnerability exists in DataEase 1.18.4 and earlier versions that stems from not...
CVE-2023-25807
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
CVE-2023-25807
DataEase dashboard storage vulnerability (CVE-2023-25807) allows stored XSS via manipulated saved data. Affected software: DataEase open-source data visualization/analysis tool. Root cause: saving a dashboard can store malicious code on the server, which is executed when the dashboard is viewed. Imp...
PT-2023-20319 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.3 Description: The issue concerns the DataEase platform, an open source data visualization and analysis tool. When saving a dashboard, an attacker can modify the saved data to store malicious code. This can lea...
DataEase cross-site scripting vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase versions before 1.18.3 have a security vulnerability; the vulnerability stems from the saved...
CVE-2021-38239
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sysmsg/list/1/10...
SQL injection
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sysmsg/list/1/10...
CVE-2021-38239
CVE-2021-38239 affects DataEase prior to 1.2.0. A SQL Injection vulnerability exists in the /api/sys_msg/list/1/10 endpoint, exploitable via the orders parameter to reveal sensitive information. The issue is confirmed in multiple sources within the provided documents (e.g., NVD/Red Hat entries al...
DataEase SQL injection vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.2.0. An attacker exploited the...