Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-1573: ForCVE/2023-0x04.md at main · yangyanglo/ForCVE

A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-223565 was assigned to this vulnerability.

CVE
Open in Source
#sql#xss#vulnerability#js#git

Description: DataGear is an open source and free data visualization and analysis platform, free to create any data dashboard you want, and supports access to various data sources such as SQL, CSV, Excel, HTTP interface, and JSON. Stored XSS exists in Datagear 1.11.1 and earlier versions, and attacker can implement Stored XSS by crafting a malicious graph dataset. The final xss vulnerability occurs at the edit data set. Affected users should upgrade as soon as possible

Version: datagear <= 1.11.1

Add:https://github.com/datageartech/datagear

Vulnerability recurrence:

0x01Make a malicious dataset,For example:

0x03 select * from edu_article ; Click to preview

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE