9 matches found
SUSE CVE-2025-25304
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...
CVE-2025-25304
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...
CVE-2025-25304
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...
CVE-2025-25304 Vega allows Cross-site Scripting via the vlSelectionTuples function
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...
CVE-2025-25304 Vega allows Cross-site Scripting via the vlSelectionTuples function
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...
CVE-2025-25304
CVE-2025-25304 affects Vega (visualization grammar) and its vega-selections component. Before version 5.26.0 of Vega and 5.4.2 of vega-selections, the vlSelectionTuples function could call attacker-controlled JavaScript functions, including Function(), enabling cross-site scripting via multiple c...
CVE-2025-25304 Vega allows Cross-site Scripting via the vlSelectionTuples function
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...
@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +130 more potentially affected by CVE-2025-25304 via vega (>=1.5.4 <=5.25.0)
vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =1.0.5, =1.2.0, =0.0.2, =0.8.0, =3.1.3 - @jupyterlab/vega3-extension =0.14.3 and more Source cves: CVE-2025-25304 Source advisory: OSV:GHSA-MP7W-MHCV-673J...
CVE-2025-25304
creationtimestamp| type| source ---|---|--- 2025-02-14 16:10:32+00:00| published-proof-of-concept| https://github.com/vega/vega/security/advisories/GHSA-mp7w-mhcv-673j 2025-02-14 19:34:33+00:00| seen| https://infosec.exchange/users/cve/statuses/114003913828136574 2025-02-14 20:16:06+00:00| seen|...