CVE-2026-41518 | Chartbrew up to 5.0.0 Public Dashboard Chart.js ChartDatasetConfig.legend cross site scripting (GHSA-6q2j-365c-7gqf)

Inserito da Angelo Barbosa | Giu 4, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in Chartbrew up to 5.0.0. Affected is an unknown function of the file Chart.js of the component Public Dashboard Handler. The manipulation of the argument ChartDatasetConfig.legend leads to cross site scripting.

This vulnerability is documented as CVE-2026-41518. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-41518 | Chartbrew up to 5.0.0 Public Dashboard Chart.js ChartDatasetConfig.legend cross site scripting (GHSA-6q2j-365c-7gqf)

Post correlati

CVE-2024-28233 | JupyterHub up to 4.0.x cross site scripting

CVE-2024-0946 | 60IndexPage up to 1.8.5 Parameter /apply/index.php url server-side request forgery

CVE-2025-12826 | Custom Post Type UI Plugin up to 1.18.0 on WordPress cptui_process_post_type authorization

CVE-2026-42586 | Redis Codec Encoder crlf injection