10 matches found
EUVD-2024-42784
Malicious code in bioql PyPI...
Security Bulletin: Carbon design system packages
Summary Various packages are vulnerable to multiples CVEs and can be resolved by updating to [email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected]....
CVE-2024-47117
IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
IBM Carbon Design System Cross-Site Scripting Vulnerability
IBM Carbon Design System is a design system for building user interfaces. A cross-site scripting vulnerability exists in IBM Carbon Design System. The vulnerability stems from insufficient validation of user input. An attacker can exploit the vulnerability to embed arbitrary JavaScript code in th...
CVE-2024-47117
IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2024-47117 IBM Carbon Design System cross-site scripting
IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2024-47117 IBM Carbon Design System cross-site scripting
IBM Carbon Design System Carbon Charts 0.4.0 through 1.13.16 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2024-47117
The CVE-2024-47117 entry concerns IBM Carbon Design System (Carbon Charts) with versions 0.4.0–1.13.16 affected by cross-site scripting. The root cause is improper handling/sanitization of user-provided HTML, enabling an authenticated user to embed arbitrary JavaScript in the Web UI, potentially ...
IBM Carbon Design System 跨站脚本漏洞
IBM Carbon Design System is a design system for building user interfaces. A cross-site scripting vulnerability exists in IBM Carbon Design System. The vulnerability stems from insufficient validation of user input. An attacker can exploit the vulnerability to embed arbitrary JavaScript code in th...
Security Bulletin: "Carbon Charts" is vulnerable to Cross-site Scripting due to Improper Neutralization of Input During Web Page Generation (CWE-79)
Summary The issue arises from the library not sanitizing custom HTML provided by developers, allowing potentially harmful scripts to be executed in the user's browser when interacting with the chart. Vulnerability Details CVEID:CVE-2024-47117 DESCRIPTION: IBM Carbon Design System is vulnerable to...