Highcharts JS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-29489 - Vulnerability Database

Highcharts JS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-29489

Medium

Reference: CVE-2021-29489

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-29489

Title: Highcharts JS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user39s browser. The vulnerability is patched in version 9. As a workaround implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.