GHSA-RPC5-PM7Q-HJMP billboard.js is vulnerable to XSS during chart option binding

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

billboard.js is vulnerable to XSS during chart option binding

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

Cross-site Scripting (XSS)

Overview org.webjars.npm:billboard.js is a Re-usable easy interface JavaScript chart library, based on D3 v4+ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization in the chart option binding. An attacker can execute arbitrary JavaScript code by...

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

CVE-2026-1513

CVE-2026-1513 affects billboard.js prior to 3.18.0, enabling cross-site scripting via improper sanitization during chart option binding. Multiple sources (Red Hat, OSV, Snyk) confirm an XSS risk in the affected library. Remediation: upgrade billboard.js to 3.18.0-next.2 or higher (per OSV/Snyk gu...

billboard.js security vulnerability

billboard.js is a reusable and easy-to-use JavaScript chart library developed by NAVER based on D3.js. Versions of billboard.js prior to 3.18.0 contained a security vulnerability. This vulnerability stemmed from improper cleanup during the binding of chart options, which could allow for the...

PT-2026-5054

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...