Cross-site Scripting (XSS)

Overview @fluentui/react-charts is a React web chart controls for Microsoft fluentui v9 system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsecured SVG attribute spreading in the CartesianChart, Legend Shape renderer, and LineChart event annotation Textb...

@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +330 more potentially affected by CVE-2023-48219 via tinymce (>=4.5.1 <=5.10.8)

tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-48219 Source advisory: OSV:GHSA-V626-R774-J7F8...

PT-2020-15029 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.13 Description: The Charts and Query View of the old Flask-admin based UI in Apache Airflow were vulnerable to a Server-Side Request Forgery SSRF attack. Recommendations: For versions prior to 1.10.13,...