Cross-Site Scripting Vulnerability in DataEase Visualization Tool
CVE-2026-55647
5.1MEDIUM
What is CVE-2026-55647?
DataEase, an open source data visualization tool, contains a vulnerability where dashboard text components can render untrusted HTML due to insufficient server-side sanitization. An authenticated user with editing rights can inject malicious HTML with executable event handlers, leading to potential cross-site scripting attacks. This security flaw impacts users viewing the dashboard, as they may unknowingly execute the injected code. The issue was addressed in version 2.10.24, where proper sanitization measures were implemented to mitigate such risks.
Affected Version(s)
dataease < 2.10.24
