The article discusses a recently discovered cross-site scripting (XSS) vulnerability, tracked as CVE-2026-45249, in the Apache ECharts JavaScript library, particularly affecting its tooltip rendering component. Because the component fails to sanitize input strings, attackers can execute arbitrary code in users' browsers; the flaw especially affects versions prior to 6.1.0. Developers are urged to upgrade to version 6.1.0, which fixes the vulnerability by ensuring proper input handling, thus protecting user accounts and session tokens. The update retains existing chart customization options while enhancing security against cross-site scripting risks.
Apache ECharts XSS bug exposes session tokens, fixed in 6.1.0
Article by CyberSIXT