CVE-2025-49223

Critical CVSS: 9.8

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Vendor

Naver

Product

Billboard.js

CWE

CWE-1321

Yayın Tarihi

2025-06-04 03:15:27

Güncelleme

2025-06-06 19:30:16

Source Identifier

cve@navercorp.com

KEV Date Added

Kategoriler

CWE-1321 Billboard.js CRITICAL Naver 2025

Referanslar

https://cve.naver.com/detail/cve-2025-49223.html

Benzer Kayıtlar

Medium

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart…

Medium

CVE-2026-23768

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the…

Medium

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization ca…