Headline
CVE-2023-37257: The DataEase panel and dataset have a stored XSS vulnerability
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
Impact
The DataEase panel and dataset have a stored XSS vulnerability.
Visit the following address: https://github.com/search?q=repo%3Adataease%2Fdataease%20%20v-html%3D%22&type=code.
During a global search for 'v-html="', it was discovered that some outputs were filtered with XSS encoding, while there are still some output areas that have not been protected and may pose a risk of stored XSS.
Because DataEase allows collaboration among multiple users, other users within the same organization, or administrator users, who access the server via a browser may execute the attacker's stored JavaScript code, which can cause security issues such as cookie leakage.
The stored XSS vulnerability is demonstrated as follows:
(1) https://dataease.fit2cloud.com/#/panel/index
v-html="templateContentChange"
Create a dashboard named <audio src=x onerror=confirm('XSS')>
Selecting export to PDF triggers XSS.
(2) https://dataease.fit2cloud.com/#/dataset/index
Create a directory named <audio src=x onerror=confirm('XSS')>
Select ‘Move to’ and bring up the LazyTree interface.
Expanding the tree structure triggers XSS.
Affected versions: <= 1.18.9
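The global search for v-html=" described above can be turned into a repeatable audit. The following JavaScript is an added example, not DataEase code: it lists every v-html binding in a template and flags those whose expression is not wrapped in a sanitizer. The sanitizer names and the sample templates are assumptions; only the binding v-html="templateContentChange" is taken from this advisory.

```javascript
// Added example: audit Vue templates for v-html sinks that lack a sanitizer.
// SANITIZERS is an assumed allowlist of wrapper names; use your project's own.
const SANITIZERS = ['sanitizeHtml', 'DOMPurify.sanitize'];

// Matches v-html="expr" or v-html='expr', tolerating whitespace around '='.
const V_HTML = /\bv-html\s*=\s*(["'])(.*?)\1/g;

// Heuristic triage, not proof: the whole expression must be one sanitizer call.
function isSanitized(expr) {
  const e = expr.trim();
  return SANITIZERS.some((fn) => e.startsWith(fn + '(') && e.endsWith(')'));
}

// Returns one finding per v-html binding: file, 1-based line, expression, flag.
function auditVHtml(file, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const m of text.matchAll(V_HTML)) {
      findings.push({ file, line: i + 1, expr: m[2], sanitized: isSanitized(m[2]) });
    }
  });
  return findings;
}

// Constructed sample templates (not DataEase source).
const SAMPLES = {
  'PanelExport.vue': [
    '<template>',
    '  <div class="export" v-html="templateContentChange" />',
    '</template>',
  ].join('\n'),
  'TreeNode.vue': [
    '<template>',
    '  <span v-html="sanitizeHtml(node.label)" />',
    '  <span>{{ node.name }}</span>',
    '</template>',
  ].join('\n'),
};

function auditAll(samples) {
  return Object.entries(samples).flatMap(([file, src]) => auditVHtml(file, src));
}

// Report only the bindings that need manual review.
const unsafe = auditAll(SAMPLES).filter((f) => !f.sanitized);
for (const f of unsafe) console.log(`${f.file}:${f.line} unsanitized v-html: ${f.expr}`);
```

Text interpolation with {{ }} is escaped by Vue and is never reported; every flagged binding should either be switched to interpolation or have its value sanitized before it reaches v-html.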
Patches
The vulnerability has been fixed in v1.18.9.
Workarounds
It is recommended to upgrade the version to v1.18.9.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/dataease/dataease
Email us at [email protected]