Description
Cross Site Scripting (XSS) in plotly.js
Affected versions of plotly.js are vulnerable to cross-site scripting if an attacker can convince a user to visit a malicious plot on a site using this package.
Recommendation
Update to 1.16.0 or later.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000006
- https://acloudtree.com/2016-08-09-how-i-hacked-plotly-by-exploiting-a-svg-vulnerability-in-plotlyjs
- https://github.com/advisories/GHSA-2fqv-h3r5-m4vf
- https://www.npmjs.com/advisories/145
- http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory
Packages
- Name: plotly.js (npm)
- Affected versions: < 1.16.0
- Fixed version: 1.16.0
Related vulnerabilities
CVSS3: 6.1
nvd
more than 8 years ago
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.