漏洞标题
如果未经过滤就传递,选项结构会受到跨站脚本攻击(XSS)的影响。
漏洞描述信息
如果未经过滤就传递,选项结构会受到跨站脚本(XSS)的攻击。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Options structure open to XSS if passed unfiltered
漏洞描述信息
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Highcharts JS 跨站脚本漏洞
漏洞描述信息
Highcharts JS是一款基于SVG的JavaScript图表框架。DOMPurify是一款使用JavaScript编写的,用于HTML、MathML和SVG的DOM(文档对象模型)。 Highcharts JS 存在跨站脚本漏洞,该漏洞源于不可信源的内容可能会在最终用户的浏览器中执行代码。
CVSS信息
N/A
漏洞类别
跨站脚本