CVE-2023-6082

The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

com.alilitech:boot-plus-log (>=2.1.0 <=2.1.5), com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0) +19 more potentially affected by CVE-2025-27152 via org.webjars.npm:axios (>=1.15.2 <=1.7.2)

org.webjars.npm:axios MAVEN version =1.15.2, =2.1.0, =2.0.0, =1.0.3, =1.0.0, =2.1.1, =1.0.0, =1.0.0, =2.1.3, =2.0.0, =1.0.2, =4.22.2, =4.22.2, =0.0.1, =1.0.0 - org.webjars.npm:posthog-node =4.17.1 and more Source cves: CVE-2025-27152 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9376923...

CVE-2023-6081

The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-14878 · WordPress · Chartjs

Name of the Vulnerable Software and Affected Versions: chartjs WordPress plugin versions through 2023.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...