Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dataease dataease vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-40183
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an malicious user to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not...
Dataease Dataease
7.5
CVSSv3
CVE-2021-38239
SQL Injection vulnerability in dataease prior to 1.2.0, allows malicious users to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
Dataease Dataease
5.4
CVSSv3
CVE-2023-37257
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
Dataease Dataease
9.8
CVSSv3
CVE-2023-37258
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
Dataease Dataease
8.1
CVSSv3
CVE-2023-34463
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. The...
Dataease Dataease
5.4
CVSSv3
CVE-2023-25807
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the...
Dataease Dataease
9.8
CVSSv3
CVE-2022-39312
Dataease is an open source data visualization analysis tool. Dataease before 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `ba...
Dataease Dataease
1 Github repository
6.1
CVSSv3
CVE-2023-28435
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulner...
Dataease Dataease
8.1
CVSSv3
CVE-2023-32310
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or...
Dataease Dataease
9.8
CVSSv3
CVE-2023-28437
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.
Dataease Dataease
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »