Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2022-25929

Description

The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.

POC

Reference

- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-3177369

- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-3177368

- https://security.snyk.io/vuln/SNYK-JS-SMOOTHIE-3177364

Github

No PoCs found on GitHub currently.