8 matches found
billboard.js is vulnerable to XSS during chart option binding
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
GHSA-RPC5-PM7Q-HJMP billboard.js is vulnerable to XSS during chart option binding
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
Cross-site Scripting (XSS)
Overview org.webjars.npm:billboard.js is a Re-usable easy interface JavaScript chart library, based on D3 v4+ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization in the chart option binding. An attacker can execute arbitrary JavaScript code by...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
CVE-2026-1513
CVE-2026-1513 affects billboard.js prior to 3.18.0, enabling cross-site scripting via improper sanitization during chart option binding. Multiple sources (Red Hat, OSV, Snyk) confirm an XSS risk in the affected library. Remediation: upgrade billboard.js to 3.18.0-next.2 or higher (per OSV/Snyk gu...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
billboard.js security vulnerability
billboard.js is a reusable and easy-to-use JavaScript chart library developed by NAVER based on D3.js. Versions of billboard.js prior to 3.18.0 contained a security vulnerability. This vulnerability stemmed from improper cleanup during the binding of chart options, which could allow for the...
PT-2026-5054
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...