Medium severity 6.1 · NVD Advisory · Published Jul 17, 2017 · Updated May 13, 2026
CVE-2017-1000006
Description
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| plotly.js (npm) | < 1.16.0 | 1.16.0 |
Affected products
- cpe:2.3:a:plotly:plotly.js:1.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:plotly:plotly.js:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:plotly:plotly.js:1.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:plotly:plotly.js:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:plotly:plotly.js:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:plotly:plotly.js:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:plotly:plotly.js:1.15.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/ [nvd, Vendor Advisory]
- github.com/advisories/GHSA-2fqv-h3r5-m4vf [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2017-1000006 [ghsa, ADVISORY]
- help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory [ghsa, WEB]
- acloudtree.com/2016-08-09-how-i-hacked-plotly-by-exploiting-a-svg-vulnerability-in-plotlyjs [ghsa, WEB]
- www.npmjs.com/advisories/145 [ghsa, WEB]