Impact
The DataEase panel and dataset have stored XSS vulnerability.
Visit the following address: https://github.com/search?q=repo%3Adataease%2Fdataease%20%20v-html%3D%22&type=code.
During a global search, it was discovered that some outputs were filtered for XSS encoding using 'v-html="’, while there are still some output areas that may pose a risk for stored XSS vulnerabilities.


However, there are still some outputs that have not been protected. As DataEase allows for collaboration among multiple users, other users within the same organization or administrator users who access the server via a browser and execute the attacker's stored JavaScript code may cause security issues such as cookie leakage.
Stored XSS vulnerability demonstration is as follows:
(1) https://dataease.fit2cloud.com/#/panel/index

|
v-html="templateContentChange" |
Create a dashboard named <audio src=x onerror=confirm('XSS')>

Selecting export to PDF triggers XSS.


(2) https://dataease.fit2cloud.com/#/dataset/index

Create a directory named <audio src=x onerror=confirm('XSS')>

Select 'Move to' and bring up the LazyTree interface.


Expanding the tree structure triggers XSS.

Affected versions: <= 1.18.9
Patches
The vulnerability has been fixed in v1.18.9.
Workarounds
It is recommended to upgrade the version to v1.18.9.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/dataease/dataease
Email us at wei@fit2cloud.com
Impact
The DataEase panel and dataset have stored XSS vulnerability.
Visit the following address: https://github.com/search?q=repo%3Adataease%2Fdataease%20%20v-html%3D%22&type=code.

During a global search, it was discovered that some outputs were filtered for XSS encoding using 'v-html="’, while there are still some output areas that may pose a risk for stored XSS vulnerabilities.
However, there are still some outputs that have not been protected. As DataEase allows for collaboration among multiple users, other users within the same organization or administrator users who access the server via a browser and execute the attacker's stored JavaScript code may cause security issues such as cookie leakage.
Stored XSS vulnerability demonstration is as follows:

(1) https://dataease.fit2cloud.com/#/panel/index
dataease/frontend/src/views/panel/export/PDFPreExport.vue
Line 18 in 80d272c
Create a dashboard named <audio src=x onerror=confirm('XSS')>

Selecting export to PDF triggers XSS.


(2) https://dataease.fit2cloud.com/#/dataset/index

dataease/frontend/src/views/dataset/data/components/LazyTree.vue
Line 37 in 80d272c
Create a directory named <audio src=x onerror=confirm('XSS')>




Select 'Move to' and bring up the LazyTree interface.
Expanding the tree structure triggers XSS.
Affected versions: <= 1.18.9
Patches
The vulnerability has been fixed in v1.18.9.
Workarounds
It is recommended to upgrade the version to v1.18.9.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/dataease/dataease
Email us at wei@fit2cloud.com