XSS in Dataease
CVE-2026-32139
Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the roo…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (15.9th percentile)
Affected products
- Dataease — versions < 2.10.20
Weakness classification (CWE)
References
- https://github.com/dataease/dataease/security/advisories/GHSA-wx8m-vf8v-crvr (x_refsource_CONFIRM)