11 matches found
EUVD-2018-0750
Malware in sbrugna...
GHSA-FWX5-5FQJ-JV98 Cross-Site Scripting in morris.js
Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script will run o...
Cross-Site Scripting in morris.js
Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script will run o...
Morris.js Cross-Site Scripting Vulnerability
Morris.js is an API for drawing bar charts, pie charts, and other charts. A cross-site scripting vulnerability exists in Morris.js version 0.5.0 and earlier. A remote attacker can exploit the vulnerability to inject and execute scripts...
CVE-2017-16022
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded...
CVE-2017-16022
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded...
Code injection
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded...
CVE-2017-16022
CVE-2017-16022 affects Morris.js: the SVG hover labels produced by Morris.js are not escaped in versions 0.5.0 and earlier, enabling client-side script injection if an attacker controls the label content. The CVE describes a cross-site scripting (XSS) risk when the graph is loaded. Public disclos...
CVE-2017-16022
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded...
Cross-site Scripting (XSS)
Morris.js is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the hovering label names. These labels aren't escaped, so if they are attacker-controlled, malicious script can be executed client side each time a graph is loaded...
Cross-Site Scripting
Overview: Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script...