Description
apexcharts
is vulnerable to Cross-Site Scripting (XSS).
Proof of Concept
- Install the package by following this instruction https://apexcharts.com/docs/installation/ or try the live sandbox here https://codepen.io/apexcharts/pen/xYqyYm
- Edit
JS
and insert the XSS payload below in the name
field
- Payload:
'sales<img src>'
- XSS payload will get executed.
Impact
An attacker is able to execute malicious scripts.