[GHSA-77c8-xpc7-q24c] The built-in XY Chart plugin is vulnerable to a DOM XSS... #6715

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

berkpseSICKAG wants to merge 1 commit into berkpseSICKAG/advisory-improvement-6715 from berkpseSICKAG-GHSA-77c8-xpc7-q24c

advisories/unreviewed/2026/01/GHSA-77c8-xpc7-q24c/GHSA-77c8-xpc7-q24c.json

-Original file line number
+Diff line change
@@ -1,54 +1,36 @@
     {
       "schema_version": "1.4.0",
       "id": "GHSA-77c8-xpc7-q24c",
-      "modified": "2026-01-15T15:31:17Z",
+      "modified": "2026-01-15T15:31:25Z",
       "published": "2026-01-15T15:31:17Z",
       "aliases": [
         "CVE-2026-22637"
       ],
-      "details": "The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.",
-      "severity": [
-        {
-          "type": "CVSS_V3",
-          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L"
-        }
-      ],
-      "affected": [],
-      "references": [
-        {
-          "type": "ADVISORY",
-          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22637"
-        },
-        {
-          "type": "WEB",
-          "url": "https://sick.com/psirt"
-        },
-        {
-          "type": "WEB",
-          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
-        },
-        {
-          "type": "WEB",
-          "url": "https://www.first.org/cvss/calculator/3.1"
-        },
-        {
-          "type": "WEB",
-          "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json"
-        },
-        {
-          "type": "WEB",
-          "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf"
-        },
-        {
-          "type": "WEB",
-          "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
+      "summary": "CVE-2026-22637",
+      "details": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+      "severity": [],
+      "affected": [
+        {
+          "package": {
+            "ecosystem": "SwiftURL",
+            "name": ""
+          },
+          "ranges": [
+            {
+              "type": "ECOSYSTEM",
+              "events": [
+                {
+                  "introduced": "0"
+                }
+              ]
+            }
+          ]
         }
       ],
+      "references": [],
       "database_specific": {
-        "cwe_ids": [
-          "CWE-79"
-        ],
-        "severity": "MODERATE",
+        "cwe_ids": [],
+        "severity": "LOW",
         "github_reviewed": false,
         "github_reviewed_at": null,
         "nvd_published_at": "2026-01-15T13:16:05Z"
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-77c8-xpc7-q24c] The built-in XY Chart plugin is vulnerable to a DOM XSS... #6715

Uh oh!

Diff view

Diff view

There are no files selected for viewing

[GHSA-77c8-xpc7-q24c] The built-in XY Chart plugin is vulnerable to a DOM XSS... #6715

Are you sure you want to change the base?

Uh oh!

[GHSA-77c8-xpc7-q24c] The built-in XY Chart plugin is vulnerable to a DOM XSS... #6715

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing