3 matches found
CVE-2022-25929 Cross-site Scripting (XSS)
The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting XSS due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties...
CVE-2022-25929
CVE-2022-25929 affects the smoothie package (versions 1.31.0 through before 1.36.1). The vulnerability is Cross-site Scripting (XSS) caused by improper sanitization of user-controlled values in strokeStyle and tooltipLabel properties. Multiple connected sources corroborate this XSS issue and spec...
CVE-2022-25929 Cross-site Scripting (XSS)
The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting XSS due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties...