Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 5:14 a.m.10 views

Security Bulletin: Carbon chart DOMPurify XSS Vulnerabilities (CVE-2026-41238, CVE-2026-41239, CVE-2026-41240)

Summary Three cross-site scripting XSS vulnerabilities CVE-2026-41238, CVE-2026-41239, and CVE-2026-41240 were identified in the DOMPurify library versions 3.0.1 through 3.3.3. These vulnerabilities allow attackers to bypass sanitization through prototype pollution exploitation, template expressi...

6.9CVSS5.8AI score0.00263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:14 a.m.8 views

Security Bulletin: Carbon Charts React Router Security Vulnerabilities

Summary Carbon Charts versions prior to v1.27.8 include a vulnerable version of React Router that is susceptible to five security vulnerabilities CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030 with severity ranging from Medium to High CVSS 6.1 to 8.2. These...

8.2CVSS5.9AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:10 a.m.8 views

Security Bulletin: Carbon Charts lodash-es Security Vulnerabilities

Summary Carbon Charts versions prior to 1.27.8 include lodash-es version 4.17.23, which contains two security vulnerabilities: a prototype pollution vulnerability CVE-2026-2950, CVSS 5.3 in the .unset and .omit functions that allows deletion of properties from built-in prototypes, and a critical...

9.8CVSS6.6AI score0.01735EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/12/10 2:30 p.m.3 views

CVE-2024-47117

IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

5.4CVSS5.5AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.6 views

PT-2024-32413 · Ibm · Ibm Carbon Design System

Name of the Vulnerable Software and Affected Versions: IBM Carbon Design System Carbon Charts versions 0.4.0 through 1.13.16 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...

5.4CVSS6.4AI score0.00223EPSS
Exploits0References6
Rows per page
Query Builder