exploitDog

CVE-2021-23327

Опубликовано: 09 фев. 2021

Источник: nvd

CVSS3: 6.3

CVSS2: 4.3

EPSS Низкий

Описание

The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.

Ссылки

https://github.com/apexcharts/apexcharts.js/commit/68f3f34d125719b4767614fe0a595cc65bde1d19
Patch
Third Party Advisory
https://github.com/apexcharts/apexcharts.js/pull/2158
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1070616
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-APEXCHARTS-1062708
Third Party Advisory
https://github.com/apexcharts/apexcharts.js/commit/68f3f34d125719b4767614fe0a595cc65bde1d19
Patch
Third Party Advisory
https://github.com/apexcharts/apexcharts.js/pull/2158
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1070616
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-APEXCHARTS-1062708
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fusioncharts:apexcharts:*:*:*:*:*:node.js:*:*

Версия до 3.24.0 (исключая)

EPSS

Процентиль: 52%

0.00293

Низкий

6.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w46j-8hm6-h8mm

CVSS3: 6.3

github

почти 5 лет назад

XSS in apexcharts

EPSS

Процентиль: 52%

0.00293

Низкий

6.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79