19 matches found
CVE-2026-45249
A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...
CVE-2026-45249
A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...
CVE-2026-45249
Apache ECharts contains an XSS risk in the Lines series tooltip rendering for versions before 6.1.0. If Lines and tooltip are used without a user-specified tooltip.formatter and series.data[i].name is set, a raw HTML string can be inserted into the tooltip via innerHTML, bypassing normal escaping...
EUVD-2026-31650
A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...
CVE-2026-45249 Apache ECharts: XSS in Lines series tooltip rendering
A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...
CVE-2026-45249
A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...
CVE-2026-45249 Apache ECharts: XSS in Lines series tooltip rendering
A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...
Apache ECharts 安全漏洞
Apache ECharts is a data visualization charting library from the Apache USA Foundation. A security vulnerability exists in Apache ECharts versions prior to 6.1.0, which stems from a failure to escape HTML strings in the rendering logic of the Lines family of tooltips, potentially leading to a...
PT-2026-42882
Name of the Vulnerable Software and Affected Versions Apache ECharts versions prior to 6.1.0 Description A cross-site scripting XSS issue exists in the Lines series tooltip rendering logic. When the Lines series and tooltip are used without a user-specified tooltip.formatter, and series.datai.nam...
Atlassian Jira Service Management Data Center and Server 10.3.x< 10.3.14 / 11.0.x < 11.3.0 (JSDSERVER-16470)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16470 advisory. - ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to...
EUVD-2021-2053
Malware in sbrugna...
CVE-2021-39227
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports...
Prototype Pollution in the merge and clone helper methods
Impact Using merge and clone helper methods in the src/core/util.ts module will have prototype pollution. It will affect the popular data visualization library Apache ECharts, which is using and exported these two methods directly. Patches It has been patched in...
CVE-2021-39227
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports...
CVE-2021-39227
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports...
Design/Logic Flaw
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports...
CVE-2021-39227 Fix prototype pollution in the zrender merge and clone helper methods
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports...
CVE-2021-39227
CVE-2021-39227 affects ZRender prior to 5.2.1, enabling prototype pollution via the merge and clone helpers in src/core/util.ts. Apache ECharts uses and exports these methods, so the vulnerability can impact dependent code paths. The issue is patched in ZRender 5.2.1; a documented workaround is t...
PT-2021-22477 · Apache · Apache Echarts
Name of the Vulnerable Software and Affected Versions: ZRender versions prior to 5.2.1 Apache ECharts versions prior to 5.2.1 Description: The issue results in prototype pollution when using merge and clone helper methods in the src/core/util.ts module. It affects Apache ECharts, which uses and...