
CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

03 Mar 2023 — Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The `scale` expression function passes a user-supplied argument `group` to `getScale`, which is then used as if it were an internal context. The `context.scales[name].value` is accessed from `group` and called as a function back in `scale`. This can be exploited to escape the Vega exp... • https://github.com/vega/vega/releases/tag/v5.23.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

03 Mar 2023 — Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The `lassoAppend` function accepts 3 arguments and internally invokes the `push` function on the 1st argument, passing an array consisting of the 2nd and 3rd arguments as the `push` call argument. The type of the 1st argument is supposed to be an array, but this is not enforced. This makes it possible to specify any object with a `push` function as the 1st argument, `push` function can be set to any functio... • https://github.com/vega/vega/commit/01adb034f24727d3bb321bbbb6696a7f4cd91689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •