Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and previous versions, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
highcharts highcharts |
||
netapp cloud backup - |
||
netapp snapcenter - |
||
netapp oncommand workflow automation - |
||
netapp oncommand insight - |