10 matches found

Snyk
added 2026/01/05 9:55 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by tricking a user int...

CVSS 9.3 · AI score 5.4 · EPSS 0.00452
Exploits 1 · References 2
Snyk
added 2026/01/05 9:55 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by...

CVSS 9.3 · AI score 5.5 · EPSS 0.00452
Exploits 1 · References 2
Debian CVE
added 2026/01/05 9:22 p.m. · 5 views

CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

CVSS 9.3 · AI score 6.1 · EPSS 0.00452
Exploits 1
OSV
added 2026/01/05 9:22 p.m. · 5 views

CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

CVSS 8.1 · AI score 7.2 · EPSS 0.00452
Exploits 1 · References 3
vulnersOsv
added 2025/11/13 8:43 p.m. · 7 views

org.webjars.npm:vega-selections (>=5.1.0 <=5.6.0), org.webjars.npm:vega-typings (>=0.22.0 <=0.22.3) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-expression (>=2.7.0 <=5.2.0)

org.webjars.npm:vega-expression MAVEN version =2.7.0, =5.1.0, =0.22.0, =0.22.3 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-13961290...

CVSS 8.1 · AI score 6 · EPSS 0.00334
Exploits 0
Tenable Nessus
added 2025/09/03 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-25304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and...

CVSS 6.9 · AI score 6 · EPSS 0.00602
Exploits 0 · References 3
SUSE CVE
added 2025/02/18 5:11 a.m. · 5 views

SUSE CVE-2025-25304

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

CVSS 6.9 · AI score 6.8 · EPSS 0.00602
Exploits 0 · References 3
OSV
added 2025/02/14 8:15 p.m. · 3 views

DEBIAN-CVE-2025-25304

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

CVSS 6.9 · AI score 5.6 · EPSS 0.00602
Exploits 0 · References 1
Snyk
added 2025/02/14 7:41 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the vlSelectionTuples function, allowing the usage of Function with arbitrary JavaScript code. Details: Cross-site...

CVSS 6.9 · AI score 5.4 · EPSS 0.00602
Exploits 0 · References 2
Positive Technologies
added 2025/02/14 12:0 a.m. · 5 views

PT-2025-7077 · Unknown +1 · Vega-Selections +1

Name of the Vulnerable Software and Affected Versions: vega versions prior to 5.26.0; vega-selections versions prior to 5.4.2. Description: The vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site scripting. This function calls multiple functions that can be...

CVSS 6.9 · AI score 7 · EPSS 0.00602
Exploits 0 · References 13