PT-2017-10717 · Plotly · Plotly.Js
Published
2017-07-13
·
Updated
2017-10-24
·
CVE-2017-1000006
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Plotly, Inc. plotly.js versions prior to 1.16.0
Description
The issue concerns cross-site scripting. If an attacker can convince a user to visit a malicious plot on a site using this package, affected versions of
plotly.js are vulnerable.Recommendations
Update to 1.16.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Plotly.Js