10 matches found
Cross-site Scripting (XSS)
Overview vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by tricking a user int...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by...
CVE-2025-65110
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...
CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...
org.webjars.npm:vega-selections (>=5.1.0 <=5.6.0), org.webjars.npm:vega-typings (>=0.22.0 <=0.22.3) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-expression (>=2.7.0 <=5.2.0)
org.webjars.npm:vega-expression MAVEN version =2.7.0, =5.1.0, =0.22.0, =0.22.3 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-13961290...
Linux Distros Unpatched Vulnerability : CVE-2025-25304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and...
SUSE CVE-2025-25304
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...
DEBIAN-CVE-2025-25304
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the vlSelectionTuples function, allowing the usage of Function with arbitrary JavaScript code. Details Cross-site...
PT-2025-7077 · Unknown +1 · Vega-Selections +1
Name of the Vulnerable Software and Affected Versions: vega versions prior to 5.26.0 vega-selections versions prior to 5.4.2 Description: The vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site scripting. This function calls multiple functions that can be...