5 matches found
Security Bulletin: Carbon chart DOMPurify XSS Vulnerabilities (CVE-2026-41238, CVE-2026-41239, CVE-2026-41240)
Summary Three cross-site scripting XSS vulnerabilities CVE-2026-41238, CVE-2026-41239, and CVE-2026-41240 were identified in the DOMPurify library versions 3.0.1 through 3.3.3. These vulnerabilities allow attackers to bypass sanitization through prototype pollution exploitation, template expressi...
Security Bulletin: Carbon Charts React Router Security Vulnerabilities
Summary Carbon Charts versions prior to v1.27.8 include a vulnerable version of React Router that is susceptible to five security vulnerabilities CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030 with severity ranging from Medium to High CVSS 6.1 to 8.2. These...
Security Bulletin: Carbon Charts lodash-es Security Vulnerabilities
Summary Carbon Charts versions prior to 1.27.8 include lodash-es version 4.17.23, which contains two security vulnerabilities: a prototype pollution vulnerability CVE-2026-2950, CVSS 5.3 in the .unset and .omit functions that allows deletion of properties from built-in prototypes, and a critical...
CVE-2024-47117
IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
PT-2024-32413 · Ibm · Ibm Carbon Design System
Name of the Vulnerable Software and Affected Versions: IBM Carbon Design System Carbon Charts versions 0.4.0 through 1.13.16 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...