← Retour aux CVEs
CVE-2021-29489
HIGH7.6
Description
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.
Details CVE
Score CVSS v3.17.6
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie5/5/2021
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
highcharts:highchartsnetapp:cloud_backupnetapp:oncommand_insightnetapp:oncommand_workflow_automationnetapp:snapcenter
Faiblesses (CWE)
CWE-79
References
https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95(security-advisories@github.com)
https://security.netapp.com/advisory/ntap-20210622-0005/(security-advisories@github.com)
https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210622-0005/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.