← Back

Highcharts

highcharts

Vendor: Highcharts • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-29489
2Highcharts
Netapp
5Cloud Backup
HighchartsOncommand Insight+2 more
Nov 21, 2024
May 5, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from u...Show more
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.Show less
CVE-2018-20801
1Highcharts
1Highcharts
Nov 21, 2024
Mar 14, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.