Home > Vulnerability Database > CVE-2021-29489

Mend.io Vulnerability Database

CVE-2021-29489

Good to know:

Date: May 5, 2021

Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.

Language: JS

Severity Score

7.6

Related Resources (7)

Url: https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95

Url: https://security.netapp.com/advisory/ntap-20210622-0005/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29489

Url: https://security.netapp.com/advisory/ntap-20210622-0005

Url: https://www.npmjs.com/package/highcharts

Url: https://github.com/highcharts/highcharts

Url: https://www.mend.io/vulnerability-database/CVE-2021-29489

Severity Score

7.6

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version highcharts - 9.0.0

Learn More

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	LOW

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29489

Good to know:

Date: May 5, 2021

Language: JS

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?