CNNVD-202510-2476 Information
CNNVD ID
CNNVD-202510-2476
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.10.13及之前版本存在跨站脚本漏洞,该漏洞源于文件上传验证不当和身份验证绕过,可能导致存储型跨站脚本攻击。
Description (English)
DataEase is an open source data visualization analysis tool for DataEase open sources. To help users quickly analyse data and see business trends, thereby improving and optimizing operations. DataEase 2.10.13 and previous versions had a cross-site script loophole, which stemmed from inappropriate document upload authentication and the circumvention of authentication, which could lead to a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/dataease/dataease/security/advisories/GHSA-2wmv-rr3p-pf43 https://access.redhat.com/security/cve/cve-2025-62421
Patch
https://github.com/dataease/dataease/releases
Share on: