CVE-2023-25807 HIGH

CVE-2023-25807: DataEase dashboard has a stored XSS vulnerability

Vendor: Dataease
Product: dataease
Weakness: CWE-79 · XSS
Published: February 28, 2023
Last update: March 6, 2025

CVSS base score

7.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

DataEase is an open source data visualization and analysis tool. When a dashboard is saved on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to execution of the malicious code, which the attacker has stored on the server side, when a user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.

Key dates

02 Disclosure timeline

February 28, 2023: CVE published
March 6, 2025: Record updated