15 matches found
CVE-2026-41518
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
EUVD-2025-199325
Malicious code in @commute/market-data-chartjs npm...
MAL-2025-191209 Malicious code in @commute/market-data-chartjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e906d8b501e2641730640922fb6196f422637e4fa3c7eb6e5823dc3f6301026c The package @commute/market-data-chartjs was found to contain malicious code. Source: ghsa-malware...
CVE-2023-6082
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-6081
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
com.alilitech:boot-plus-log (>=2.1.0 <=2.1.5), com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0) +19 more potentially affected by CVE-2025-27152 via org.webjars.npm:axios (>=1.15.2 <=1.7.2)
org.webjars.npm:axios MAVEN version =1.15.2, =2.1.0, =2.0.0, =1.0.3, =1.0.0, =2.1.1, =1.0.0, =1.0.0, =2.1.3, =2.0.0, =1.0.2, =4.22.2, =4.22.2, =0.0.1, =1.0.0 - org.webjars.npm:posthog-node =4.17.1 and more Source cves: CVE-2025-27152 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9376923...
CVE-2023-6081
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-6082
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Cross site scripting
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-6081
CVE-2023-6081 affects the WordPress Chart.js plugin “enigma-chartjs” up to version 2023.2. The vulnerability arises from insufficient sanitization/escaping of certain settings, potentially enabling Stored Cross-Site Scripting by high-privilege users (e.g., Editor) even when unfiltered_html is dis...
PT-2024-14878 · WordPress · Chartjs
Name of the Vulnerable Software and Affected Versions: chartjs WordPress plugin versions through 2023.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...
PT-2024-14877 · WordPress · Chartjs
Name of the Vulnerable Software and Affected Versions: chartjs WordPress plugin versions through 2023.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...
Malicious code in chartjs-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0694218023b99a066388095e0c9d8de4e8d09473cc88abac25165435e4a5d7d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-173 Malicious code in chartjs-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0694218023b99a066388095e0c9d8de4e8d09473cc88abac25165435e4a5d7d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in angara.chartjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2fa5dd768fc2f40637bc958f4d7e2d906c38a191086e3c753d24760ec70faad9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...