Skip to main content

Plotly Js Graphing

1 CVEs product

Monthly

CVE-2026-55810 PHP HIGH PATCH This Week

Object injection in the Drupal Plotly.js Graphing contributed module (all releases 0.0.0 through 3.0.2) lets an authenticated attacker with low privileges tamper with dynamically-determined object attributes, undermining both confidentiality and integrity of the site. The flaw stems from improperly controlled modification of object properties (CWE-915), and the network-reachable, low-complexity CVSS 3.1 vector (8.1) reflects meaningful severity; however, EPSS is only 0.16% (6th percentile) and no public exploit identified at time of analysis. It is not listed in CISA KEV.

Code Injection Plotly Js Graphing
NVD
CVSS 3.1
8.1
EPSS
0.2%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Object injection in the Drupal Plotly.js Graphing contributed module (all releases 0.0.0 through 3.0.2) lets an authenticated attacker with low privileges tamper with dynamically-determined object attributes, undermining both confidentiality and integrity of the site. The flaw stems from improperly controlled modification of object properties (CWE-915), and the network-reachable, low-complexity CVSS 3.1 vector (8.1) reflects meaningful severity; however, EPSS is only 0.16% (6th percentile) and no public exploit identified at time of analysis. It is not listed in CISA KEV.

Code Injection Plotly Js Graphing
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy