CVE-2023-25807: DataEase dashboard has a stored XSS vulnerability
First published: Tue Feb 28 2023(Updated: )
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dataease | <1.18.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-25807?
CVE-2023-25807 is a vulnerability in the DataEase open source data visualization and analysis tool that allows an attacker to execute malicious code on the server side.
How does CVE-2023-25807 affect DataEase?
CVE-2023-25807 affects DataEase by allowing an attacker to modify and store malicious code in the saved data on the platform, which can then be executed when a user accesses the dashboard.
What is the severity of CVE-2023-25807?
CVE-2023-25807 has a severity rating of high with a severity value of 5.4.
Which version of DataEase is affected by CVE-2023-25807?
DataEase version 1.18.3 is affected by CVE-2023-25807.
How can CVE-2023-25807 be fixed?
To fix CVE-2023-25807, users should update to a version of DataEase that includes the patch provided by the vendor.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dataease
- canonical/dataease