WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-23327 Vulnerability in maven package org.webjars.npm:apexcharts

Description

The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.

Remediation

References

https://github.com/apexcharts/apexcharts.js/commit/68f3f34d125719b4767614fe0a595cc65bde1d19

https://github.com/apexcharts/apexcharts.js/pull/2158

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1070616

https://snyk.io/vuln/SNYK-JS-APEXCHARTS-1062708

Related Vulnerabilities

CVE-2018-14042 Vulnerability in maven package org.webjars:bootstrap-sass

CVE-2020-2213 Vulnerability in maven package org.jenkins-ci.plugins:whitesource

CVE-2021-25122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-28455 Vulnerability in npm package markdown-it-toc

CVE-2023-37959 Vulnerability in maven package org.jenkins-ci.plugins:sumologic-publisher

Severity

Critical

Classification

CWE-79

Tags

Patch Third Party Advisory Exploit