Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2016-0048

Good to know:

icon
icon

Date: May 1, 2016

"C3 is a D3-based reusable chart library that enables deeper integration of charts into web applications.Versions 0.4.10 and lower of c3 contain a cross site scripting (XSS) vulnerability through improper html sanitization on rendered tooltips."

Language: JS

Severity Score

Related Resources (3)

https://github.com/c3js/c3/issues/1536
https://github.com/c3js/c3/commit/de3864650300488a63d0541620e9828b00e94b42
https://www.mend.io/vulnerability-database/WS-2016-0048

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version youshido/admin - 0.0.1;youshido/admin - no_fix;nisimpo/auth - no_fix;o2relax/laravel-shop - no_fix;yii2mod/yii2-c3-chart - 1.0;msbios/cpanel - v1.0.48;msbios/cpanel - no_fix;msbios/cpanel - v1.0.44;intelogie/c3 - 0.1.1;fedorov-aleksey/yii2-package-theme-absolute-admin - v1.0.2;fedorov-aleksey/yii2-package-theme-absolute-admin - no_fix;topazcms/core - no_fix;auth0/wordpress - 4.0.0;awsmug/torro-forms - 1.0.8;awsmug/torro-forms - 1.0.0-beta.10;awsmug/torro-forms - 1.0.0-beta.8;awsmug/torro-forms - 1.0.0-beta.6;brt/blog-bundle - no_fix;brt/blog-bundle - 0.8.1;brt/blog-bundle - 0.8.0;brt/blog-bundle - 0.8.3.2;pantech/retailak-fashion - no_fix;fastd/asset-bundle - no_fix;benmacha/templatebundle - 1.0.3.5;benmacha/templatebundle - 1.0.0;hotspotbilling/phpnuxbill - 2024.2.26;hotspotbilling/phpnuxbill - dev-NewSystem;hotspotbilling/phpnuxbill - dev-newRadius;CloudSu.UI.Theme.Uplon - no_fix;c3 - 0.4.11;centreon/centreon - dev-DEVOPS-automate-dependabot3;centreon/centreon - 2.7.1;centreon/centreon - dev-extensions-UI;centreon/centreon - 2.7.4;centreon/centreon - dev-challengeWebService;icekristal/yii2-adminpanel-and-start-project - dev-new_desing;icekristal/yii2-adminpanel-and-start-project - 4.0;ibexa/experience-skeleton - v3.3.3;jspaine/cyii - no_fix;osidea/eosadm - 0.0.2-beta.1;osidea/eosadm - no_fix;sonlabs/php-paypal - no_fix;acosf/archersys - 1.0;torralbodavid/duck-funk-core - dev-dependabot/npm_and_yarn/decode-uri-component-0.2.2;torralbodavid/duck-funk-core - v0.4.0;ibexa/content-skeleton - v3.3.3;mauricioschmitz/homer-assets - no_fix;lanos/yetiweb - no_fix;ibexa/commerce-skeleton - v3.3.3;hakoncms/hakoncms - no_fix;c3 - no_fix;BaseModule - no_fix;bizytech/auth - no_fix;mohammadsaleh/spider-app - 2.1;handledeck/est-tools - no_fix;demyanenkomaks/yii2-base - 2.0.0;symfomany/laravelcinema - no_fix;centurion/app - no_fix;rutatiina/ui - no_fix;zantolov/appbundle - v0.1;zantolov/appbundle - no_fix;m-comscience/yii2-homer-asset - no_fix;org.infinispan:infinispan-management-console:9.0.0.Alpha0;org.webjars.bower:c3-angular:1.3.1;org.webjars.bower:patternfly:2.10.0;org.webjars.bower:patternfly:2.2.0;org.webjars.bower:patternfly:2.5.0;org.webjars.npm:adminlte-reactjs:no_fix;org.uberfire:showcase-distribution-wars:7.40.0.Final;org.uberfire:showcase-distribution-wars:7.40.0.Final;org.webjars.npm:patternfly:3.3.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us