Vulnerability Details CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.8%
CVSS Severity
CVSS v3 Score 7.6
CVSS v2 Score 3.5
References
Products affected by CVE-2021-29489
-
cpe:2.3:a:highcharts:highcharts:2.0.2
-
cpe:2.3:a:highcharts:highcharts:2.0.3
-
cpe:2.3:a:highcharts:highcharts:2.0.4
-
cpe:2.3:a:highcharts:highcharts:2.0.5
-
cpe:2.3:a:highcharts:highcharts:2.1.0
-
cpe:2.3:a:highcharts:highcharts:2.1.1
-
cpe:2.3:a:highcharts:highcharts:2.1.2
-
cpe:2.3:a:highcharts:highcharts:2.1.3
-
cpe:2.3:a:highcharts:highcharts:2.1.4
-
cpe:2.3:a:highcharts:highcharts:2.1.5
-
cpe:2.3:a:highcharts:highcharts:2.1.6
-
cpe:2.3:a:highcharts:highcharts:2.1.7
-
cpe:2.3:a:highcharts:highcharts:2.1.8
-
cpe:2.3:a:highcharts:highcharts:2.1.9
-
cpe:2.3:a:highcharts:highcharts:2.2.0
-
cpe:2.3:a:highcharts:highcharts:2.2.1
-
cpe:2.3:a:highcharts:highcharts:2.2.2
-
cpe:2.3:a:highcharts:highcharts:2.2.3
-
cpe:2.3:a:highcharts:highcharts:2.2.4
-
cpe:2.3:a:highcharts:highcharts:2.2.5
-
cpe:2.3:a:highcharts:highcharts:2.3
-
cpe:2.3:a:highcharts:highcharts:2.3.0
-
cpe:2.3:a:highcharts:highcharts:2.3.1
-
cpe:2.3:a:highcharts:highcharts:2.3.2
-
cpe:2.3:a:highcharts:highcharts:2.3.3
-
cpe:2.3:a:highcharts:highcharts:2.3.5
-
cpe:2.3:a:highcharts:highcharts:3.0
-
cpe:2.3:a:highcharts:highcharts:3.0.0
-
cpe:2.3:a:highcharts:highcharts:3.0.1
-
cpe:2.3:a:highcharts:highcharts:3.0.10
-
cpe:2.3:a:highcharts:highcharts:3.0.2
-
cpe:2.3:a:highcharts:highcharts:3.0.3
-
cpe:2.3:a:highcharts:highcharts:3.0.4
-
cpe:2.3:a:highcharts:highcharts:3.0.5
-
cpe:2.3:a:highcharts:highcharts:3.0.6
-
cpe:2.3:a:highcharts:highcharts:3.0.7
-
cpe:2.3:a:highcharts:highcharts:3.0.8
-
cpe:2.3:a:highcharts:highcharts:3.0.9
-
cpe:2.3:a:highcharts:highcharts:4.0.0
-
cpe:2.3:a:highcharts:highcharts:4.0.1
-
cpe:2.3:a:highcharts:highcharts:4.0.3
-
cpe:2.3:a:highcharts:highcharts:4.0.4
-
cpe:2.3:a:highcharts:highcharts:4.1.0
-
cpe:2.3:a:highcharts:highcharts:4.1.1
-
cpe:2.3:a:highcharts:highcharts:4.1.10
-
cpe:2.3:a:highcharts:highcharts:4.1.2
-
cpe:2.3:a:highcharts:highcharts:4.1.3
-
cpe:2.3:a:highcharts:highcharts:4.1.4
-
cpe:2.3:a:highcharts:highcharts:4.1.5
-
cpe:2.3:a:highcharts:highcharts:4.1.6
-
cpe:2.3:a:highcharts:highcharts:4.1.7
-
cpe:2.3:a:highcharts:highcharts:4.1.8
-
cpe:2.3:a:highcharts:highcharts:4.1.9
-
cpe:2.3:a:highcharts:highcharts:4.2.0
-
cpe:2.3:a:highcharts:highcharts:4.2.1
-
cpe:2.3:a:highcharts:highcharts:4.2.2
-
cpe:2.3:a:highcharts:highcharts:4.2.3
-
cpe:2.3:a:highcharts:highcharts:4.2.4
-
cpe:2.3:a:highcharts:highcharts:4.2.5
-
cpe:2.3:a:highcharts:highcharts:4.2.6
-
cpe:2.3:a:highcharts:highcharts:4.2.7
-
cpe:2.3:a:highcharts:highcharts:5.0.0
-
cpe:2.3:a:highcharts:highcharts:5.0.1
-
cpe:2.3:a:highcharts:highcharts:5.0.10
-
cpe:2.3:a:highcharts:highcharts:5.0.11
-
cpe:2.3:a:highcharts:highcharts:5.0.12
-
cpe:2.3:a:highcharts:highcharts:5.0.13
-
cpe:2.3:a:highcharts:highcharts:5.0.14
-
cpe:2.3:a:highcharts:highcharts:5.0.2
-
cpe:2.3:a:highcharts:highcharts:5.0.3
-
cpe:2.3:a:highcharts:highcharts:5.0.4
-
cpe:2.3:a:highcharts:highcharts:5.0.5
-
cpe:2.3:a:highcharts:highcharts:5.0.6
-
cpe:2.3:a:highcharts:highcharts:5.0.7
-
cpe:2.3:a:highcharts:highcharts:5.0.8
-
cpe:2.3:a:highcharts:highcharts:5.0.9
-
cpe:2.3:a:highcharts:highcharts:6.0.0
-
cpe:2.3:a:highcharts:highcharts:6.0.1
-
cpe:2.3:a:highcharts:highcharts:6.0.2
-
cpe:2.3:a:highcharts:highcharts:6.0.3
-
cpe:2.3:a:highcharts:highcharts:6.0.4
-
cpe:2.3:a:highcharts:highcharts:6.0.5
-
cpe:2.3:a:highcharts:highcharts:6.0.6
-
cpe:2.3:a:highcharts:highcharts:6.0.7
-
cpe:2.3:a:highcharts:highcharts:6.1.0
-
cpe:2.3:a:highcharts:highcharts:6.1.1
-
cpe:2.3:a:highcharts:highcharts:6.1.2
-
cpe:2.3:a:highcharts:highcharts:6.1.3
-
cpe:2.3:a:highcharts:highcharts:6.1.4
-
cpe:2.3:a:highcharts:highcharts:6.2.0
-
cpe:2.3:a:highcharts:highcharts:7.0.0
-
cpe:2.3:a:highcharts:highcharts:7.0.1
-
cpe:2.3:a:highcharts:highcharts:7.0.2
-
cpe:2.3:a:highcharts:highcharts:7.0.3
-
cpe:2.3:a:highcharts:highcharts:7.1.0
-
cpe:2.3:a:highcharts:highcharts:7.1.1
-
cpe:2.3:a:highcharts:highcharts:7.1.2
-
cpe:2.3:a:highcharts:highcharts:7.1.2.999
-
cpe:2.3:a:highcharts:highcharts:7.1.3
-
cpe:2.3:a:highcharts:highcharts:7.2.0
-
cpe:2.3:a:highcharts:highcharts:7.2.1
-
cpe:2.3:a:highcharts:highcharts:7.2.2
-
cpe:2.3:a:highcharts:highcharts:8.0.0
-
cpe:2.3:a:highcharts:highcharts:8.0.1
-
cpe:2.3:a:highcharts:highcharts:8.0.2
-
cpe:2.3:a:highcharts:highcharts:8.0.3
-
cpe:2.3:a:highcharts:highcharts:8.0.4
-
cpe:2.3:a:highcharts:highcharts:8.1.0
-
cpe:2.3:a:highcharts:highcharts:8.1.1
-
cpe:2.3:a:highcharts:highcharts:8.1.2
-
cpe:2.3:a:highcharts:highcharts:8.2.0
-
cpe:2.3:a:highcharts:highcharts:8.2.2
-
cpe:2.3:a:netapp:cloud_backup:-
-
cpe:2.3:a:netapp:oncommand_insight:-
-
cpe:2.3:a:netapp:oncommand_workflow_automation:-
-
cpe:2.3:a:netapp:snapcenter:-