2715 matches found
CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...
Grafana vulnerable to Cross-site Scripting
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...
CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...
Cross site scripting
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...
CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...
CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...
CVE-2023-25807
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
Code injection
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
CVE-2023-25807
DataEase dashboard storage vulnerability (CVE-2023-25807) allows stored XSS via manipulated saved data. Affected software: DataEase open-source data visualization/analysis tool. Root cause: saving a dashboard can store malicious code which is executed server-side when the dashboard is viewed. Imp...
SquaredUp Dashboard Server SCOM Edition 跨站脚本漏洞
SquaredUp Dashboard Server SCOM Edition is a data visualization platform for Microsoft System Center Operations Manager and OMS from SquaredUp. A security vulnerability exists in SquaredUp Dashboard Server SCOM Edition prior to 5.7.1 GA that stems from the SquaredUp SCOM version allowing XSS...
GHSA-PX8H-6QXV-M22Q vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
GHSA-PX8H-6QXV-M22Q vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
SUSE CVE-2013-1937
Multiple cross-site scripting XSS vulnerabilities in tblgisvisualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the 1 visualizationSettingswidth or 2 visualizationSettingsheight parameter. NOTE: a third party reports that this ...
SUSE CVE-2016-6615
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature a specially-crafted database name can be used to trigger an XSS attack; the "Tracking" feature a specially-crafted query can be used to trigger an XSS attack; and GIS visualization feature. Al...
SUSE CVE-2020-7015
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB...
SUSE CVE-2021-42521
There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer...
CVE-2023-25577 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
CVE-2023-23934 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
CVE-2023-23934 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...