CVE-2021-23327
MEDIUMapexcharts < 3.24.0 - Cross-Site Scripting via Graph Legend Fields
Title source: llmDescription
The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-APEXCHARTS-1062708
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1070616
Patch, Third Party Advisory x_refsource_misc
https://github.com/apexcharts/apexcharts.js/commit/68f3f34d125719b4767614fe0a595cc65bde1d19
Exploit, Third Party Advisory x_refsource_misc
https://github.com/apexcharts/apexcharts.js/pull/2158
Scores
CVSS v3
6.3
EPSS
0.0137
EPSS Percentile
68.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-79
Status
published
Products (2)
fusioncharts/apexcharts
< 3.24.0
npm/apexcharts
0 - 3.24.0npm
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026