32 matches found

Tenable Nessus
added 2026/01/12 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-66648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user...

CVSS 7.2 | AI score 5.8 | EPSS 0.00184
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/06 7:37 a.m. | 2 views

CVE-2025-66648

A flaw was found in vega-functions. For sites that allow users to supply untrusted input, a remote attacker could exploit a vulnerability by maliciously using an internal function. This could lead to the execution of unintentional JavaScript, resulting in Cross-Site Scripting XSS. Mitigation...

CVSS 7.2 | AI score 5.7 | EPSS 0.00184
Exploits: 1 | References: 4

vulnersOsv
added 2026/01/05 10:58 p.m. | 2 views

@datatitian/vega (=5.17.0), @lumere/vega (=5.17.0) +4 more potentially affected by CVE-2025-66648 via vega-functions (>=5.8.0 <=6.0.0)

vega-functions NPM version =5.8.0, =2.5.0, =5.16.0, =5.16.0, =6.1.2 Source cves: CVE-2025-66648 Source advisory: SNYK:JS-VEGAFUNCTIONS-14872001...

CVSS 7.2 | AI score 5.8 | EPSS 0.00184
Exploits: 1

Snyk
added 2026/01/05 10:58 p.m. | 2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the...

CVSS 8 | AI score 5.5 | EPSS 0.00184
Exploits: 1 | References: 2

EUVD
added 2026/01/05 10:58 p.m. | 2 views

EUVD-2025-206236

vega-functions vulnerable to Cross-site Scripting via setdata function...

CVSS 7.2 | AI score 6 | EPSS 0.00184
Exploits: 1 | References: 2

Snyk
added 2026/01/05 10:58 p.m. | 2 views

Cross-site Scripting (XSS)

Overview vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the application by supplyin...

CVSS 8 | AI score 5.5 | EPSS 0.00184
Exploits: 1 | References: 2

OSV
added 2026/01/05 10:58 p.m. | 2 views

GHSA-M9RG-MR6G-75GM `vega-functions` vulnerable to Cross-site Scripting via `setdata` function

Impact For sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. Patches Fixed in vega-functions 6.1.1 Workarounds There is no workaround besides upgrading. Using...

CVSS 7.2 | AI score 6.1 | EPSS 0.00184
Exploits: 1 | References: 3

Github Security Blog
added 2026/01/05 10:58 p.m. | 9 views

`vega-functions` vulnerable to Cross-site Scripting via `setdata` function

Impact For sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. Patches Fixed in vega-functions 6.1.1 Workarounds There is no workaround besides upgrading. Using...

CVSS 7.2 | AI score 6.3 | EPSS 0.00184
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2026/01/05 10:15 p.m. | 4 views

CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVSS 7.2 | EPSS 0.00184
Exploits: 1 | References: 1

OSV
added 2026/01/05 10:15 p.m. | 1 view

DEBIAN-CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVSS 6.1 | AI score 5.3 | EPSS 0.00184
Exploits: 1 | References: 1

UbuntuCve
added 2026/01/05 10:15 p.m. | 1 view

CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVSS 7.2 | AI score 5.8 | EPSS 0.00184
Exploits: 1 | References: 2

OSV
added 2026/01/05 10:15 p.m. | 0 views

UBUNTU-CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVSS 7.2 | AI score 5.8 | EPSS 0.00184
Exploits: 1 | References: 3

Vulnrichment
added 2026/01/05 9:33 p.m. | 2 views

CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVSS 7.2 | AI score 6.3 | EPSS 0.00184
Exploits: 1 | References: 1

Debian CVE
added 2026/01/05 9:33 p.m. | 3 views

CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVSS 7.2 | AI score 5.2 | EPSS 0.00184
Exploits: 1

OSV
added 2026/01/05 9:33 p.m. | 3 views

CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVSS 7.2 | AI score 6.6 | EPSS 0.00184
Exploits: 1 | References: 3

CVE
added 2026/01/05 9:33 p.m. | 23 views

CVE-2025-66648

The CVE-2025-66648 issue affects vega-functions (Vega expression language implementation). Prior to version 6.1.1, an internal function (not part of the public API) could be abused when sites accept untrusted input, enabling unintended JavaScript execution (XSS). The vulnerability is fixed in veg...

CVSS 7.2 | AI score 6.3 | EPSS 0.00184
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/01/05 9:33 p.m. | 21 views

CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVSS 7.2 | EPSS 0.00184
Exploits: 1 | References: 1

Positive Technologies
added 2026/01/05 12:0 a.m. | 3 views

PT-2026-1340

Name of the Vulnerable Software and Affected Versions vega-functions versions prior to 6.1.1 Description vega-functions provides function implementations for the Vega expression language. For sites accepting untrusted user input, a malicious actor could exploit an internal function to execute...

CVSS 7.2 | AI score 6.9 | EPSS 0.00184
Exploits: 1 | References: 14

Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-27793

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0,...

CVSS 5.3 | AI score 6.1 | EPSS 0.00419
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/09/01 10:11 a.m. | 7 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting attacks (CVE-2025-27793)

Summary There is a vulnerability in Vega used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-27793 DESCRIPTION: Vega is a visualization grammar, a declarative form...

CVSS 5.3 | AI score 6.4 | EPSS 0.00419
Exploits: 0 | Affected Software: 1