21 matches found
EUVD-2017-0150
Malware in sbrugna...
EUVD-2024-0449
Malicious code in bioql PyPI...
Security Bulletin: There is a vulnerability in plotly.js used by IBM Maximo Asset Management application (CVE-2023-46308)
Summary: There is a vulnerability in plotly.js used by IBM Maximo Asset Management application (CVE-2023-46308). Vulnerability Details: CVEID: CVE-2023-46308. DESCRIPTION: Plotly plotly.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to execute arbitrary code on the system CVE-2023-46308
Summary: plotly.js is used by the IBM Datapower Operations Dashboard in their web console. Vulnerability Details: CVEID: CVE-2023-46308. DESCRIPTION: Plotly plotly.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the plot API calls. By...
SUSE CVE-2023-46308
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty...
Prototype Pollution
plotly.js is vulnerable to prototype pollution. The vulnerability is caused by missing validation against the __proto__ attribute and other internal getters and setters. An attacker can pollute the prototype with properties containing harmful values, which are subsequently used by application...
@12-labours/mapintegratedvuer (>=1.0.0-beta.0 <=1.0.0-beta.14), @abi-software/mapintegratedvuer (>=0.1.0 <=0.6.7) +209 more potentially affected by CVE-2023-46308 via plotly.js (>=1.12.0 <=2.23.2)
plotly.js NPM version =1.12.0, =1.0.0-beta.0, =0.1.0, =0.2.23, =0.2.0, =0.1.27, =1.0.7, =0.9.1, =0.14.1, =1.2.16, =0.0.1, =1.0.0, =0.0.6, =1.0.0, =1.0.3 and more Source cves: CVE-2023-46308 Source advisory: OSV:GHSA-WJC4-73Q6-GV3M...
plotly.js prototype pollution vulnerability
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty...
CVE-2023-46308
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty...
Plotly.js Security Vulnerability
Plotly.js is an independent open source JavaScript data visualization library from Plotly. Plotly.js versions before 2.25.2 have a security vulnerability that stems from a prototype pollution problem in the API call...
CVE-2023-46308
CVE-2023-46308 affects the Plotly library plotly.js prior to 2.25.2. The issue is a prototype pollution flaw in the plot API calls (expandObjectPaths/nestedProperty) that could lead to remote code execution or denial of service. Public references indicate the fix is in plotly.js v2.25.2 and later...
Cross Site Scripting (XSS) in plotly.js
Affected versions of plotly.js are vulnerable to cross-site scripting if an attacker can convince a user to visit a malicious plot on a site using this package. Recommendation Update to 1.16.0 or later...
GHSA-2FQV-H3R5-M4VF Cross Site Scripting (XSS) in plotly.js
Affected versions of plotly.js are vulnerable to cross-site scripting if an attacker can convince a user to visit a malicious plot on a site using this package. Recommendation Update to 1.16.0 or later...
paraview-glance (>=1.0.0 <=1.1.13), paraviewweb (>=1.9.0 <=2.5.29) +3 more potentially affected by CVE-2017-1000006 via plotly.js (>=1.12.0 <=1.14.0)
plotly.js NPM version =1.12.0, =1.0.0, =1.9.0, =1.0.0, =1.0.0, =1.0.6 - vue-admin =0.0.1 Source cves: CVE-2017-1000006 Source advisory: OSV:GHSA-2FQV-H3R5-M4VF...
Cross-site Scripting (XSS)
plotly.js is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary script through the text boxes when inserting links...
CVE-2017-1000006
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue...
Cross site scripting
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue...
Plotly.js Cross-Site Scripting Vulnerability
Plotly plotly.js is an open source cross-platform JavaScript charting library from the Canadian company Plotly. A cross-site request forgery vulnerability exists in Plotly plotly.js versions prior to 1.16.0. A remote attacker can exploit this vulnerability to perform unauthorized operations...
CVE-2017-1000006
Summary: CVE-2017-1000006 affects Plotly’s plotly.js versions prior to 1.16.0, introducing a cross-site scripting (XSS) vulnerability. Component/affected software: plotly.js (Plotly, Inc.). Root cause / nature: XSS in rendering of plots; vulnerable to injection that can lead to script execution i...
Cross-Site Scripting (XSS)
plotly.js is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript by creating a scatter plot with 2 traces and editing the name of one of the traces to contain malicious JavaScript. The JavaScript will be executed on hovering over the affect...