๐Ÿ” CVE Alert

CVE-2026-55647

UNKNOWN 0.0

DataEase: authenticated stored XSS in the dashboard text components

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
19th

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable event handlers that execute when another user or shared-link visitor views the dashboard. This issue is fixed in version 2.10.24.

CWE CWE-79
Vendor dataease
Product dataease
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for dataease dataease

Be the first to know when new unknown vulnerabilities affecting dataease dataease are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

dataease / dataease
< 2.10.24

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/dataease/dataease/security/advisories/GHSA-4v63-24fg-pfg7 github.com: https://github.com/dataease/dataease/commit/9565812980da781eda04c0a3632bf5dc8b0469f6 github.com: https://github.com/dataease/dataease/commit/adab5f1e8954ff91830a3b2f052a42a139d978e1