Vendor
Highcharts
Products
1
CVEs
2
Across products
2
Status
Private
Products
1- Highcharts2 CVEsnpm
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-29489 | Hig | 0.49 | 7.6 | 0.01 | May 5, 2021 | Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's… | ||
| CVE-2018-20801 | Hig | 0.42 | 7.5 | 0.03 | Mar 14, 2019 | In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS. |
- risk 0.49cvss 7.6epss 0.01
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's…
- risk 0.42cvss 7.5epss 0.03
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.