Lucene search
K

9 matches found

SUSE CVE
SUSE CVE
added 2025/02/18 5:11 a.m.6 views

SUSE CVE-2025-25304

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

6.9CVSS6.8AI score0.00602EPSS
Exploits0References3
NVD
NVD
added 2025/02/14 8:15 p.m.19 views

CVE-2025-25304

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

6.9CVSS0.00602EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/02/14 8:15 p.m.15 views

CVE-2025-25304

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

6.9CVSS6.2AI score0.00602EPSS
Exploits0References4
OSV
OSV
added 2025/02/14 7:28 p.m.19 views

CVE-2025-25304 Vega allows Cross-site Scripting via the vlSelectionTuples function

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

6.9CVSS5.5AI score0.00602EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/14 7:28 p.m.20 views

CVE-2025-25304 Vega allows Cross-site Scripting via the vlSelectionTuples function

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

6.9CVSS6.5AI score0.00602EPSS
Exploits0References3
CVE
CVE
added 2025/02/14 7:28 p.m.90 views

CVE-2025-25304

CVE-2025-25304 affects Vega (visualization grammar) and its vega-selections component. Before version 5.26.0 of Vega and 5.4.2 of vega-selections, the vlSelectionTuples function could call attacker-controlled JavaScript functions, including Function(), enabling cross-site scripting via multiple c...

6.9CVSS6.9AI score0.00602EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/14 7:28 p.m.15 views

CVE-2025-25304 Vega allows Cross-site Scripting via the vlSelectionTuples function

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

6.9CVSS0.00602EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/02/14 5:33 p.m.7 views

@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +130 more potentially affected by CVE-2025-25304 via vega (>=1.5.4 <=5.25.0)

vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =1.0.5, =1.2.0, =0.0.2, =0.8.0, =3.1.3 - @jupyterlab/vega3-extension =0.14.3 and more Source cves: CVE-2025-25304 Source advisory: OSV:GHSA-MP7W-MHCV-673J...

6.9CVSS5.9AI score0.00602EPSS
Exploits0
Circl
Circl
added 2025/02/14 4:10 p.m.8 views

CVE-2025-25304

creationtimestamp| type| source ---|---|--- 2025-02-14 16:10:32+00:00| published-proof-of-concept| https://github.com/vega/vega/security/advisories/GHSA-mp7w-mhcv-673j 2025-02-14 19:34:33+00:00| seen| https://infosec.exchange/users/cve/statuses/114003913828136574 2025-02-14 20:16:06+00:00| seen|...

6.9CVSS6AI score0.00602EPSS
Exploits0References5
Rows per page
Query Builder