Metabase
CVE-2018-0697
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AnalysisAI
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected products include: Metabase. Version information: version 0.29.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
Metabase is an open source data analytics platform. Rated high severity (CVSS 7.5), this vulnerability is remotely explo
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request For
Remote code execution in Metabase (open-source business intelligence platform) versions 1.54.0 through the fixed release
Metabase is an open-source business intelligence and analytics platform. Rated critical severity (CVSS 9.8), this vulner
Metabase is an open source business analytics engine. Rated critical severity (CVSS 9.6), this vulnerability is remotely
Metabase is an open source business intelligence and analytics application. Rated medium severity (CVSS 5.3), this vulne
Remote code execution in Metabase's H2 database driver allows an authenticated user with native-query privileges to run
Metabase is data visualization software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low
Metabase is data visualization software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low
Metabase is an open source business intelligence and analytics application. Rated high severity (CVSS 8.8), this vulnera
Metabase versions prior to 0.57.13 and 0.58.x through 0.58.6 allow authenticated users to extract sensitive data includi
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today