CNNVD-202601-820 Information
Jan 05, 2026
cve
CNNVD ID
CNNVD-202601-820
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
Vega是Vega团队的一个基于Javscript可用来创建交互式可视化展示的软件。该软件可使用JSON格式描述数据可视化,并使用HTML5 Canvas或SVG生成交互式视图。 Vega 6.1.1之前版本存在跨站脚本漏洞,该漏洞源于恶意使用内部函数,可能导致跨站脚本攻击。
Description (English)
Vega is a software based on Javscript used by the Vega team to create interactive visualization presentations. The software can describe data visualization in JSON format and generate interactive views using HTML5 Canvas or SVG. The pre-Vega 6.1.1 version had a cross-site script loophole, which stemmed from the malicious use of internal functions and could lead to cross-site script attacks.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
Vega
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm
Patch
https://github.com/vega/vega/releases
Share on: