Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Highcharts Subscribe
Filtered by product Highcharts
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29489 2 Highcharts, Netapp 5 Highcharts, Cloud Backup, Oncommand Insight and 2 more 2022-06-03 3.5 LOW 5.4 MEDIUM
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.
CVE-2018-20801 1 Highcharts 1 Highcharts 2019-07-15 5.0 MEDIUM 7.5 HIGH
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.