CVE-2018-0697

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.0090%

EPSS Percentile31.90th

PublishedNov 15, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Platforms (CPE)

📦

Metabase

<= 0.29.3

References & Advisories

🔗 http://jvn.jp/en/jp/JVN14323043/index.html

🔗 https://metabase.com/

🔗 http://jvn.jp/en/jp/JVN14323043/index.html

🔗 https://metabase.com/

Related Vulnerabilities

CVE-2021-4127710.0

Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...