Statuspage / STATUS-707

Vulnerable open source JS library - HIGHCHARTS


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • Product - Website
    • None
    • 1
    • Severity 3 - Minor

      Issue Summary

      Vulnerable versions of Highcharts are being used in Statuspage.


      Steps to Reproduce

      1. Launch the vulnerable web application in a browser.
      2. Copy the validation code from the field below.
      3. Open the browser console (usually in the developer settings).
      4. Run the validation code in the console.

       

      Validation Code:

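      // Returns the loaded Highcharts version, or false if Highcharts is not present.
      // Highcharts.version is the library's public version string.
      (function (win) {
        if (win.Highcharts && win.Highcharts.Point) {
          return { version: win.Highcharts.version };
        }
        return false;
      })(window);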

      Expected Results

      No vulnerable version of the chart is to be used, or the latest version is to be used.

      Actual Results

      Vulnerable versions of charts are found.

      Workaround

      Patch the JS to the latest version or use a different library.

            Assignee: Unassigned
            Reporter: Tejaswi G