131 matches found
CVE-2026-41518
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
EUVD-2026-34319
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
PT-2026-46317
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
chartbrew cross-site scripting vulnerability
Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Versions 4.9.0 to 5.0.0 of Chartbrew contain a cross-site scripting vulnerability. This vulnerability arises from the ChartDatasetConfig.legend field not being cleaned properly in HTML/JavaScript...
Friday Squid Blogging: Another Squid
Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Security update for grafana
This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled bsc1258136 CVE-2026-21721: Fixed access control by the dashboard permissions API bsc1257337 CVE-2026-21720: Fixed...
CVE-2026-32118 OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...
CVE-2026-32118
OpenEMR prior to version 8.0.0.1 is affected by a stored XSS vulnerability in the Graphical Pain Map (clickmap) form. The issue allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of every subsequent user viewing the affected encounter form. Because sess...
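The Chartbrew entries above (a stored legend string reaching a chart tooltip through innerHTML) and the OpenEMR entries (annotation text rendered without escaping) describe the same mechanism: a string one authenticated user stores becomes markup in every later viewer's browser. The block below is an added illustration, not code from Chartbrew, OpenEMR or their advisories; the function names, the dataset shape and the sample legend values are assumptions made for this example.

```javascript
// Added example: a tooltip renderer that interpolates a stored, user-controlled
// legend string into an HTML fragment, beside the escaped form, plus a small
// audit helper for values already stored. Not code from Chartbrew or OpenEMR;
// the function names, the dataset shape and the sample values are assumptions.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored legend is concatenated into markup verbatim.
// When a caller assigns the result to element.innerHTML, any tag or inline
// event handler inside the legend runs in every viewer's browser.
function renderTooltipUnsafe(dataset, point) {
  return `<div class="tooltip"><span class="legend">${dataset.legend}</span>: ${point.value}</div>`;
}

// Hardened pattern: every untrusted value is escaped before it becomes markup.
// In a live DOM the better shape is span.textContent = dataset.legend, so no
// HTML is built from the value at all; escaping is what makes templating safe.
function renderTooltipSafe(dataset, point) {
  return `<div class="tooltip"><span class="legend">${escapeHtml(dataset.legend)}</span>: ${escapeHtml(point.value)}</div>`;
}

// Triage heuristic for rows already in the database: does a legend contain
// something that looks like a tag, an inline event handler or a javascript: URL?
// It is a review aid, not a sanitizer; render-time escaping above is the fix.
function looksLikeMarkup(value) {
  const s = String(value);
  return /<\s*\/?\s*[a-z!]/i.test(s) || /\bon[a-z]+\s*=/i.test(s) || /javascript\s*:/i.test(s);
}

// Ids of datasets whose legend a human should look at.
function auditLegends(datasets) {
  return datasets.filter((d) => looksLikeMarkup(d.legend)).map((d) => d.id);
}

// Constructed sample rows (not taken from any real instance): a benign legend,
// one carrying an image tag with an onerror handler, and one containing the
// bare words "on =" that the heuristic must not flag.
const SAMPLE_DATASETS = [
  { id: 1, legend: 'Monthly revenue' },
  { id: 2, legend: '<img src=x onerror="alert(document.cookie)">' },
  { id: 3, legend: 'Hours spent on = maintenance' },
];

function demo() {
  const point = { value: 42 };
  for (const d of SAMPLE_DATASETS) {
    console.log('unsafe:', renderTooltipUnsafe(d, point));
    console.log('safe:  ', renderTooltipSafe(d, point));
  }
  console.log('review these dataset ids:', auditLegends(SAMPLE_DATASETS));
}

demo();
```

The audit helper is only useful for finding rows to review after a fix ships; it does not replace escaping, and a legend that passes it can still be hostile in another context (a URL attribute, a CSS string). The reliable rule is the one the fixed versions of both projects would have to follow: treat the stored value as text at the point it is rendered, never as markup.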
CVE-2020-24650
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
A Bootiful Podcast: Apache Tomcat legend Mark Thomas (Happy new year!)
In this episode, I talk with Mark Thomas, the legendary and highly prolific committer to Apache Tomcat. Happy New Year!...
Malicious Package
Overview sfdc-abstract-legend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in sfdc-abstract-legend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a29f7f51ba229ced87dfa4e1c978407d9e716ba77115ad38601c49896e0584bb The package sfdc-abstract-legend was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-202369
Malicious code in sfdc-abstract-legend npm...
MAL-2025-192418 Malicious code in sfdc-abstract-legend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a29f7f51ba229ced87dfa4e1c978407d9e716ba77115ad38601c49896e0584bb The package sfdc-abstract-legend was found to contain malicious code. Source: ghsa-malware...
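When a package such as sfdc-abstract-legend is pulled from the registry for malicious code, the question on the consuming side is whether it ever landed in a lockfile, possibly nested under a transitive dependency that declared it. The block below is an added example, not code from any of the advisory sources listed above; the function names and the sample lockfile are constructed for illustration, and the version number shown for the package is made up.

```javascript
// Added example: locate a named package anywhere in a package-lock.json
// (lockfileVersion 2 or 3, which carry a "packages" map keyed by install path),
// including nested copies under other dependencies. Not code from any advisory
// source; the function names and the sample lockfile below are constructed.

const NODE_MODULES = 'node_modules/';

// Installed package name = text after the last "node_modules/" in the path.
// Scoped packages keep their "@scope/" prefix because the scope is a directory
// under node_modules, not a node_modules directory of its own.
function installedName(lockPath) {
  const idx = lockPath.lastIndexOf(NODE_MODULES);
  return idx === -1 ? lockPath : lockPath.slice(idx + NODE_MODULES.length);
}

// Every copy of `name` in the lock, with its version and whether it is dev-only.
function findPackageInLock(lock, name) {
  const hits = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === '') continue; // "" is the root project itself
    if (installedName(lockPath) === name) {
      hits.push({ path: lockPath, version: meta.version || null, dev: Boolean(meta.dev) });
    }
  }
  return hits;
}

// Which top-level dependency a nested copy sits under: the first path segment
// after the leading node_modules/ (two segments for a scoped package).
function topLevelOwner(lockPath) {
  const rest = lockPath.startsWith(NODE_MODULES) ? lockPath.slice(NODE_MODULES.length) : lockPath;
  const parts = rest.split('/');
  return rest.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Constructed lockfile: names, versions and layout are made up for this example.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { 'some-ui-kit': '^2.0.0' }, devDependencies: { 'build-helper': '^1.0.0' } },
    'node_modules/some-ui-kit': { version: '2.3.1', dependencies: { 'sfdc-abstract-legend': '*' } },
    'node_modules/some-ui-kit/node_modules/sfdc-abstract-legend': { version: '0.0.1' },
    'node_modules/build-helper': { version: '1.0.0', dev: true },
    'node_modules/@acme/widgets': { version: '4.0.0' },
  },
};

// Human-readable lines: package@version, where it is installed, what pulled it in.
function report(lock, name) {
  return findPackageInLock(lock, name).map(
    (h) => `${name}@${h.version} at ${h.path} (via ${topLevelOwner(h.path)}${h.dev ? ', dev' : ''})`
  );
}

console.log(report(SAMPLE_LOCK, 'sfdc-abstract-legend'));
```

Against a real project, feed it JSON.parse(fs.readFileSync('package-lock.json', 'utf8')); lockfileVersion 1 files use a nested "dependencies" tree instead of "packages" and are not handled here. For an already-installed tree, npm ls sfdc-abstract-legend answers the same question, but the lockfile check also works in CI without installing anything.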
A Bootiful Podcast: Spring community legend and friend Simon Martinelli
Hi, Spring fans! Happy Thanksgiving from me, and I am sure the entire Spring team, to you! We are, it should be clear, oh so very grateful.. thankful.. for you, the community. This week it is my great pleasure to chat with Spring community legend Simon Martinelli...
EUVD-2020-17366
Malware in sbrugna...