24 matches found
CVE-2026-33207 DataEase SQL Injection Vulnerability
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...
DataEase 安全漏洞
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...
GHSA-6J87-M5QX-9FQP Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type
A stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the Row Heading column type. The application fails to sanitize input within row headings, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious...
Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type
A stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the Row Heading column type. The application fails to sanitize input within row headings, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious...
CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...
GHSA-3JH3-PRX3-W6WC Craft CMS has Stored XSS in Table Field via "HTML" Column Type
A stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. Prerequisite...
Craft CMS has Stored XSS in Table Field via "HTML" Column Type
A stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. Prerequisite...
CVE-2025-12067
The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12067
The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12067 Table Field Add-on for ACF and SCF <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content
The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12067
CVE-2025-12067 involves the WordPress plugin Table Field Add-on for ACF and SCF. The issue is stored XSS via Table Cell Content in versions up to 1.3.30, caused by insufficient input sanitization and output escaping. The vulnerability can be triggered by authenticated attackers with Author-level ...
CVE-2025-12067 Table Field Add-on for ACF and SCF <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content
The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Table Field Add-on for ACF and SCF 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
PT-2026-1419
Name of the Vulnerable Software and Affected Versions Table Field Add-on for ACF and SCF plugin for WordPress versions up to and including 1.3.30 Description The software is susceptible to Stored Cross-Site Scripting through the Table Cell Content due to inadequate input sanitization and output...
WordPress Table Field Add-on for ACF and SCF plugin <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Table Cell Content vulnerability discovered by shark3y in WordPress Plugin Table Field Add-on for ACF and SCF versions = 1.3.30...
CVE-2025-62422
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
DataEase SQL Injection Vulnerability
DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase /de2api/datasetData/tableField processing tableName parameter...
CVE-2025-62422
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
EUVD-2025-34914
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
CVE-2025-62422 DataEase SQL injection vulnerability
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...