WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-23327 Vulnerability in maven package org.webjars.npm:apexcharts

Description

The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.

Remediation

References

https://github.com/apexcharts/apexcharts.js/commit/68f3f34d125719b4767614fe0a595cc65bde1d19

https://github.com/apexcharts/apexcharts.js/pull/2158

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1070616

https://snyk.io/vuln/SNYK-JS-APEXCHARTS-1062708

Related Vulnerabilities

CVE-2017-16031 Vulnerability in npm package socket.io

CVE-2022-1330 Vulnerability in maven package org.webjars.bowergithub.alvarotrigo:fullpage.js

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty:jetty-servlets

CVE-2023-30527 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth

CVE-2020-36186 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

Critical

Classification

CWE-79

Tags

Patch Third Party Advisory Exploit