19 matches found
CVE-2025-62422
DataEase (open source data visualization/analytics platform) contains a SQL injection vulnerability in the /de2api/datasetData/tableField interface for versions up to 2.10.13. An attacker can craft a malicious tableName parameter to execute arbitrary SQL commands. The issue is fixed in version 2....
CVE-2025-62422 DataEase SQL injection vulnerability
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
CVE-2025-62422 DataEase SQL injection vulnerability
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
EUVD-2010-2017
Malware in sbrugna...
EUVD-2014-8215
Malware in sbrugna...
DRUPAL-CONTRIB-2019-067
This module allows you to attach tabular data to an entity. There is insufficient access checking for users with the ability to "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities. This vulnerability is mitigated by the fact that an...
TableField - Moderately critical - Access bypass and Cross Site Scripting - SA-CONTRIB-2019-051
This module allows you to attach tabular data to an entity. Access bypass: There's no access check for users with an "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities. This vulnerability is mitigated by the fact that an attacker must ha...
TableField - Critical - Remote Code Execution - SA-CONTRIB-2019-045
This module allows you to attach tabular data to an entity. The module doesn't sufficiently determine that the data being unserialized is the contents of a tablefield when users request a CSV export, which could lead to Remote Code Execution via Object Injection. This vulnerability is mitigated b...
CVE-2014-8378
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form...
CVE-2014-8378
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form...
CVE-2014-8378
CVE-2014-8378 affects the Drupal contributed TableField module (7.x-2.x) prior to 7.x-2.3. The vulnerability is a cross-site scripting (XSS) flaw where remote authenticated users with the permissions to administer content types or administer taxonomy can inject arbitrary web script or HTML via th...
CVE-2014-8378
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form...
SA-CONTRIB-2014-077 - TableField - Cross Site Scripting (XSS)
This module enables you to create a field attached to an entity which stores tabular data. The module doesn't sufficiently sanitize the field help text when presented to a privileged user. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
CVE-2010-1998
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers...
CVE-2010-1998
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers...
CVE-2010-1998
CVE-2010-1998 affects the Drupal CCK TableField module (6.x) prior to 6.x-1.2. The vulnerability is an XSS via table headers that remote authenticated users with certain node creation/editing privileges can exploit to inject arbitrary script/HTML. The NVD entry lists a low base score (CVSS2: 2.1,...
SA-CONTRIB-2010-039: CCK TableField - Cross Site Scripting
The CCK TableField module provides a generic method to attach tabular data to a node. CCK TableField does not sanitize table headers before output, allowing anyone with permissions to create or edit a node containing one or more TableField fields to insert arbitrary HTML and script code. Such a...