CNNVD-202511-1552 Information

CNNVD ID

CNNVD-202511-1552

Related CVE

CVE-2025-59840

• CNNVD Published: 2025-11-13

Description (Chinese)

Vega是Vega团队的一个基于Javscript可用来创建交互式可视化展示的软件。该软件可使用JSON格式描述数据可视化，并使用HTML5 Canvas或SVG生成交互式视图。 Vega 6.2.0之前版本存在跨站脚本漏洞，该漏洞源于使用vega库和vega.View实例时可能导致任意JavaScript代码执行。

Description (English)

Vega is a software based on Javscript used by the Vega team to create interactive visualization presentations. The software can describe data visualization in JSON format and generate interactive views using HTML5 Canvas or SVG. The pre-Vega 6.2.0 version had a cross-site script loophole, which stemmed from the use of the vega library and the vega.View examples, which could lead to arbitrary JavaScript code execution.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Vega

Published

2025-11-13

Last Modified

2026-02-24

References

https://github.com/vega/vega/security/advisories/GHSA-7f2v-3qq3-vvjf

Patch

https://github.com/vega/vega/releases