4 matches found
@antv/g2 (>=3.2.0 <=3.2.8-beta.6), @bizcharts/other-datamarker_dataregion (>=0.0.1 <=0.1.4) +22 more potentially affected by unknown CVE via @antv/interaction (>=0.0.8 <=0.1.5)
@antv/interaction NPM version =0.0.8, =3.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.4, =0.1.8, =1.0.4, =1.0.4, =0.1.4, =0.1.14, =0.1.5, =1.0.5, =3.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVINTERACTION-16755011...
@alicloud/cloud-charts (>=0.1.0 <=0.1.10), @alicloud/console-charts (>=0.1.0 <=0.3.0) +139 more potentially affected by unknown CVE via @antv/g2-brush (=0.0.2)
@antv/g2-brush NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-brush and may be impacted: - @alicloud/cloud-charts =0.1.0, =0.1.0, =0.0.113, =0.0.113, =0.1.4-beta-3.3, =2.5.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5,...
Cross-Site Scripting (XSS)
BizCharts is vulnerable to cross site scripting. The package fails to sanitize config data in the update function, allowing attackers to inject and execute arbitrary code in a victim's browser...
Cross-site Scripting (XSS) - Generic in alibaba/bizcharts
Description bizcharts is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce-: 1. Open NPM repo https://www.npmjs.com/package/bizcharts 2. Open the demo https://bizcharts.net/product/BizCharts4/gallery 3. Select any chartI used pie chart Ex: https://bizcharts.net/product/BizCharts4/demo/37...