CNNVD-202601-819 Information

CNNVD ID

CNNVD-202601-819

Related CVE

CVE-2025-65110

• CNNVD Published: 2026-01-05

Description (Chinese)

Vega是Vega团队的一个基于Javscript可用来创建交互式可视化展示的软件。该软件可使用JSON格式描述数据可视化，并使用HTML5 Canvas或SVG生成交互式视图。 Vega 6.1.2之前版本和5.6.3之前版本存在跨站脚本漏洞，该漏洞源于用户定义Vega JSON定义处理不当，可能导致任意JavaScript代码执行。

Description (English)

Vega is a software based on Javscript used by the Vega team to create interactive visualization presentations. The software can describe data visualization in JSON format and generate interactive views using HTML5 Canvas or SVG. PreVega 6.1.2 and pre-5.6.3 had a cross-site script loophole, which stemmed from the inappropriate handling of the user definition of Vega JSON, which could lead to arbitrary JavaScript code implementation.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

Vega

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/vega/vega/security/advisories/GHSA-829q-m3qg-ph8r

Patch

https://github.com/vega/vega/releases