Vulnerabilities > Dataease > Dataease
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-28 | CVE-2023-25807 | Cross-site Scripting vulnerability in Dataease DataEase is an open source data visualization and analysis tool. | 5.4 |
| 2023-02-15 | CVE-2021-38239 | SQL Injection vulnerability in Dataease SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10. | 7.5 |
| 2022-10-25 | CVE-2022-39312 | Deserialization of Untrusted Data vulnerability in Dataease Dataease is an open source data visualization analysis tool. | 9.8 |
| 2022-07-22 | CVE-2022-34113 | Unspecified vulnerability in Dataease 1.11.1 An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. | 9.8 |
| 2022-02-08 | CVE-2022-23331 | Unspecified vulnerability in Dataease 1.6.1 In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. | 8.8 |