{"id":"CVE-2017-1000006","details":"Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.","aliases":["GHSA-2fqv-h3r5-m4vf"],"modified":"2026-07-08T12:05:10.985493Z","published":"2017-07-17T13:18:16.093Z","references":[{"type":"ADVISORY","url":"http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/plotly/plotly.js","events":[{"introduced":"0f7f101526d7c8c1676352fcf519e72cb5b3bf4a"},{"last_affected":"bc917acc7c0936ca2f31a9535c0f7fbec23954f6"}],"database_specific":{"cpe":["cpe:2.3:a:plotly:plotly.js:1.11.0:*:*:*:*:*:*:*","cpe:2.3:a:plotly:plotly.js:1.12.0:*:*:*:*:*:*:*","cpe:2.3:a:plotly:plotly.js:1.13.0:*:*:*:*:*:*:*","cpe:2.3:a:plotly:plotly.js:1.14.0:*:*:*:*:*:*:*","cpe:2.3:a:plotly:plotly.js:1.14.1:*:*:*:*:*:*:*","cpe:2.3:a:plotly:plotly.js:1.14.2:*:*:*:*:*:*:*","cpe:2.3:a:plotly:plotly.js:1.15.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"1.11.0"},{"last_affected":"1.11.0"},{"introduced":"1.12.0"},{"last_affected":"1.12.0"},{"introduced":"1.13.0"},{"last_affected":"1.13.0"},{"introduced":"1.14.0"},{"last_affected":"1.14.0"},{"introduced":"1.14.1"},{"last_affected":"1.14.1"},{"introduced":"1.14.2"},{"last_affected":"1.14.2"},{"introduced":"1.15.0"},{"last_affected":"1.15.0"}],"source":"CPE_STRING"}}],"versions":["1.11.0","1.12.0","1.13.0","1.14.0","1.14.1","1.14.2","1.15.0","v1.15.0","v1.14.2","v1.14.1","v1.14.0","v1.13.0","v1.12.0","v1.11.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000006.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}