Cross-site Scripting (XSS) - Generic in apexcharts/apexcharts.js
Dec 18th 2020
apexcharts is vulnerable to Cross-Site Scripting (XSS).
Proof of Concept
- Install the package by following this instruction https://apexcharts.com/docs/installation/ or try the live sandbox here https://codepen.io/apexcharts/pen/xYqyYm
JSand insert the XSS payload below in the
'sales<img src=x onerror=alert(1)>'
- XSS payload will get executed.
An attacker is able to execute malicious scripts.