6 matches found
EUVD-2021-1014
Malware in sbrugna...
CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
Highcharts JS Cross-Site Scripting Vulnerability
Highcharts JS is an SVG-based JavaScript charting framework. DOMPurify is a DOM-only XSS sanitizer written in JavaScript for HTML, MathML and SVG. A cross-site scripting vulnerability exists in Highcharts JS, which can be exploited by an attacker to execute code in a browser...
CVE-2021-29489 Options structure open to XSS if passed unfiltered
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
Code injection
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS...
CVE-2018-20801
Highcharts JS (before 6.1.0) has a Regular Expression Denial of Service (ReDoS) flaw in SvgRenderer.js due to backtracking regex usage. This could allow an attacker to disrupt the SVGRenderer component by processing crafted input. Remediation: upgrade to Highcharts 6.1.0 or newer. Affected CVE: C...