zingchart-vue

vulnerability cross-site scripting (xss)
severity 5.4
language vue
registry npm

Description

zingchart-vue is vulnerable to Cross-Site Scripting (XSS).

Steps To Reproduce

  1. Open https://github.com/zingchart/zingchart-vue
  2. Open link in about https://www.zingchart.com/docs/integrations/vue
  3. Open in Sandbox https://codesandbox.io/s/zingchart-vue-wrapper-example-ms7ml?from-embed
  4. Insert the xss payload in any of the values field in series in Simple.vue. EX: values: [4, '><img src=x onerror=alert(1)>', 3, 4, 5, 3, 5, 4, 11]
  5. XSS payload will get executed.