What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Stored XSS.This issue affects Chartify: from n/a through <= 3.1.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Stored XSS.This issue affects Chartify: from n/a through <= 3.1.7.
Explanation of Vulnerability in Simple Terms
Chartify versions 3.1.7 and earlier contain a stored cross-site scripting (XSS) vulnerability. An authenticated administrator can inject malicious scripts that execute in other users' browsers when they view affected pages. The vulnerability requires administrator privileges and user interaction to exploit, but can compromise site integrity and steal user data.
What an attacker can do
Inject malicious scripts that run in other users' browsers when they view the site.
Potential impact on your site
Attackers with admin access can deface content, steal user sessions, or redirect visitors to malicious sites.
Conditions required to exploit
Administrator account access and victim must visit a page containing the injected script.
Key dates
External resources