{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.24.0" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "3.24.0" } ] } ] }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "68f3f34d125719b4767614fe0a595cc65bde1d19" } ], "repo": "https://github.com/apexcharts/apexcharts.js", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "68f3f34d125719b4767614fe0a595cc65bde1d19" } ], "repo": "https://github.com/apexcharts/apexcharts.js", "type": "GIT" } ] } ], "details": "The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.", "id": "CVE-2021-23327", "modified": "2026-04-01T23:08:56.546138645Z", "published": "2021-02-09T08:15:11.167Z", "references": [ { "type": "ADVISORY", "url": "https://snyk.io/vuln/SNYK-JS-APEXCHARTS-1062708" }, { "type": "ADVISORY", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1070616" }, { "type": "FIX", "url": "https://github.com/apexcharts/apexcharts.js/commit/68f3f34d125719b4767614fe0a595cc65bde1d19" }, { "type": "EVIDENCE", "url": "https://github.com/apexcharts/apexcharts.js/pull/2158" } ], "related": [ "SNYK-JAVA-ORGWEBJARSNPM-1070616", "SNYK-JS-APEXCHARTS-1062708" ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "type": "CVSS_V3" } ] }