Cross-site Scripting (XSS) - Generic in apexcharts/apexcharts.js


Reported on

Dec 18th 2020


apexcharts is vulnerable to Cross-Site Scripting (XSS).

Proof of Concept

  1. Install the package by following this instruction or try the live sandbox here
  2. Edit JS and insert the XSS payload below in the name field
  3. Payload: 'sales<img src=x onerror=alert(1)>'
  4. XSS payload will get executed.


An attacker is able to execute malicious scripts.

to join this conversation