Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dataease dataease vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workaroun...
Dataease Dataease
6.1
CVSSv3
CVE-2023-28435
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulner...
Dataease Dataease
5.4
CVSSv3
CVE-2023-37257
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
Dataease Dataease
9.8
CVSSv3
CVE-2023-37258
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
Dataease Dataease
7.5
CVSSv3
CVE-2023-40771
SQL injection vulnerability in DataEase v.1.18.9 allows a remote malicious user to obtain sensitive information via a crafted string outside of the blacklist function.
Dataease Dataease 1.18.9
8.8
CVSSv3
CVE-2022-23331
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
Dataease Dataease 1.6.1
9.8
CVSSv3
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows malicious users to execute arbitrary code via a crafted plugin.
Dataease Dataease 1.11.1
6.5
CVSSv3
CVE-2022-34112
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows malicious users to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
Dataease Project Dataease 1.11.1
8.8
CVSSv3
CVE-2022-34114
Dataease v1.11.1 exists to contain a SQL injection vulnerability via the parameter dataSourceId.
Dataease Project Dataease 1.11.1
9.8
CVSSv3
CVE-2022-34115
DataEase v1.11.1 exists to contain a arbitrary file write vulnerability via the parameter dataSourceId.
Dataease Project Dataease 1.11.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »