MidnightBSD

Advisories for smoothiecharts

CVE-2022-25929

The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.

Products Affected

Vendor Product Version
smoothiecharts smoothie_charts *