Veracode Vulnerability Database | VERACODE:39620
History: Mar 10, 2023 - 9:14 a.m.

Cross-site Scripting (XSS)

2023-03-10 09:14:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross-site scripting
vega
lassoappend
vulnerability
function
attacker
object
push
event view

EPSS

0.001

Percentile

45.3%

vega is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly enforce types for the arguments of its lassoAppend function, which allows an attacker to specify any object with a push function. The push function can then be set to any function that has access to event.view.
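
The type-enforcement gap described above, as an added example that is not vega's or Veracode's code: a simplified model of an append-style helper, first trusting any object with a push method and then enforcing real arrays. The function names (appendPointUnchecked, appendPointChecked, isPair, demo) and all inputs are hypothetical and constructed for illustration.

```javascript
// Simplified model of an append-style helper. Names are hypothetical and
// this is not vega's source; sample inputs are constructed.

// Before: trusts any value that exposes a push method (duck typing).
function appendPointUnchecked(points, x, y) {
  points.push([x, y]); // runs whatever push the caller supplied
  return points;
}

// After: accept only real arrays of finite [x, y] pairs, copy them, and
// call the built-in push so an own-property override is never invoked.
function isPair(p) {
  return Array.isArray(p) && p.length === 2 &&
    Number.isFinite(p[0]) && Number.isFinite(p[1]);
}

function appendPointChecked(points, x, y) {
  if (!Array.isArray(points) || !points.every(isPair)) {
    throw new TypeError('points must be an array of [x, y] number pairs');
  }
  if (!isPair([x, y])) {
    throw new TypeError('x and y must be finite numbers');
  }
  const copy = Array.from(points, (p) => [p[0], p[1]]);
  Array.prototype.push.call(copy, [x, y]);
  return copy;
}

// Constructed inputs: an object that only looks like an array, and a real
// array whose push has been shadowed by an own property.
function demo() {
  let calls = 0;
  const lookalike = { push: () => { calls += 1; } };
  appendPointUnchecked(lookalike, 1, 2); // caller-supplied push runs once
  let rejected = false;
  try {
    appendPointChecked(lookalike, 1, 2);
  } catch (err) {
    rejected = err instanceof TypeError;
  }
  const shadowed = [[0, 0]];
  shadowed.push = () => { calls += 1; };
  const out = appendPointChecked(shadowed, 3, 4);
  return { calls, rejected, out };
}

console.log(demo());
```

Array.isArray alone is not sufficient here, because a genuine array can still carry its own push property; copying the data and calling Array.prototype.push directly covers that case.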
