CVE-2026-32139 - Vulnerability Analysis
Medium | CVSS: 5.4 | Last Updated: March 13, 2026
DataEase - Stored XSS
Published: March 12, 2026 | Updated: March 13, 2026 | PoC Available | Remote Exploitable
Overview
DataEase <= 2.10.19 contains a stored XSS vulnerability caused by insufficient sanitization of SVG uploads in the static resource upload interface. An attacker can upload a malicious SVG that executes scripts in a victim's browser. Exploitation requires the victim to visit the resource URL.
Severity & Score
Severity: Medium
CVSS Score: 5.4
Impact
Attackers can execute arbitrary scripts in users' browsers, potentially stealing data or performing actions on behalf of users.
Mitigation
Upgrade to version 2.10.20 or later.
Details
- CVE ID: CVE-2026-32139
- Severity: Medium
- CVSS Score: 5.4
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N