43 matches found
EUVD-2021-1096
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-7746
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existi...
CVE-2023-6081 Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-6082 Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Plugin Chart.js for WordPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress enigma chart.js Plugin <= 2023.2 is vulnerable to Cross Site Scripting (XSS)
Software: enigma chart.js; Type: Plugin; Vulnerable versions: <= 2023.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6081; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 92966ae6d3fe; Credits: Asif Nawaz Minhas & Serge...
WordPress enigma chart.js Plugin <= 2023.2 is vulnerable to Cross Site Scripting (XSS)
Software: enigma chart.js; Type: Plugin; Vulnerable versions: <= 2023.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6082; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 1f48f6888cc5; Credits: Asif Nawaz Minhas & Serge...
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Go to Charts New Chart HTML 3...
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Go to "Charts Settings". 2. For th...
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. Go to "Charts Settings". 2...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to denial of service due to Chart.js (CVE-2020-7746)
Summary: The chart.js module is shipped with IBM Tivoli Netcool Impact as part of the probable cause feature. Information about a security vulnerability affecting chart.js has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2020-7746 DESCRIPTION: Node.js chart.js module is...
MAL-2022-1883 Malicious code in chart.js-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 158452cb65e1829f3bef9dd60011e52b0aca5ec322724ea3adfd9cae286a3f79 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chart.js-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 158452cb65e1829f3bef9dd60011e52b0aca5ec322724ea3adfd9cae286a3f79 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
chart.js: prototype pollution
A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution...
MAL-2022-1884 Malicious code in chart.js-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ddb1847faf5a848d1147a781b71524dc369a6c7ab7485df61781934e8cc0e64 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chart.js-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ddb1847faf5a848d1147a781b71524dc369a6c7ab7485df61781934e8cc0e64 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chart.js-bar (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 122ffb60a22385be6fd06b5a78d49e78b7b1a9274f87cafd2b88cc7ec5f3c9ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...