{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1513", "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6", "state": "PUBLISHED", "assignerShortName": "naver", "dateReserved": "2026-01-28T01:21:02.116Z", "datePublished": "2026-01-28T01:28:23.567Z", "dateUpdated": "2026-01-29T15:22:06.409Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "billboard.js", "vendor": "NAVER", "versions": [{"status": "unaffected", "version": "3.18.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jesper den Boer"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.<br>"}], "value": "billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6", "shortName": "naver", "dateUpdated": "2026-01-28T01:28:23.567Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://cve.naver.com/detail/cve-2026-1513.html"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T14:46:29.933678Z", "id": "CVE-2026-1513", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T15:22:06.409Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-1513", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-28T14:46:29.933678Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T14:47:06.241Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Jesper den Boer"}], "affected": [{"vendor": "NAVER", "product": "billboard.js", "versions": [{"status": "unaffected", "version": "3.18.0"}], "defaultStatus": "affected"}], "references": [{"url": "https://cve.naver.com/detail/cve-2026-1513.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.", "supportingMedia": [{"type": "text/html", "value": "billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6", "shortName": "naver", "dateUpdated": "2026-01-28T01:28:23.567Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1513", "state": "PUBLISHED", "dateUpdated": "2026-01-29T15:22:06.409Z", "dateReserved": "2026-01-28T01:21:02.116Z", "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6", "datePublished": "2026-01-28T01:28:23.567Z", "assignerShortName": "naver"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:naver:billboard.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "37EE82A8-0A1B-4082-9C82-4653E6B987AE", "versionEndExcluding": "3.18.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding."}], "id": "CVE-2026-1513", "lastModified": "2026-02-02T15:52:36.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-28T02:16:00.310", "references": [{"source": "cve@navercorp.com", "tags": ["Vendor Advisory"], "url": "https://cve.naver.com/detail/cve-2026-1513.html"}], "sourceIdentifier": "cve@navercorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cve@navercorp.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:47:04.848536+00:00", "value": {"mitigation_remediation": ["Upgrade Billboard.js to version 3.18.0 or later to eliminate the vulnerability.", "If an upgrade is not immediately possible, stop exposing the vulnerable library to untrusted input by sanitizing or removing chart options that can be supplied by external users.", "Consider implementing a content security policy that restricts inline script execution and disallows eval\u2011style JavaScript to mitigate potential injection attacks until a patch is deployed."], "summary": {"action": "Immediate patch", "impact": "Remote code execution (client\u2011side JavaScript injection)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all implementations of the Naver Billboard.js JavaScript charting library before version 3.18.0. No specific third\u2011party products or additional module versions are listed, so any web application that includes this library version is potentially exposed.", "description_and_impact": "Billboard.js versions prior to 3.18.0 allow an attacker to inject arbitrary JavaScript code by providing specially crafted chart option values. The vulnerability arises from inadequate input sanitization during the option binding phase, enabling malicious scripts to run within the context of a page that loads the library. This can compromise user data, session information, or allow further attacks such as phishing or data exfiltration if an attacker can persuade the target to view a page containing the vulnerable library.", "risk_and_exploitability": "The CVSS score of 6.1 reflects a medium\u2011severity flaw with a client\u2011side attack vector. EPSS indicates a very low likelihood of exploitation (<1%), and the vulnerability is not present in the CISA Known Exploited Vulnerabilities catalog, suggesting it has not yet been widely abused. The attack requires that the victim load a page incorporating the vulnerable library and that the attacker can supply or manipulate the chart option input, making real\u2011world exploitation likely limited to phishing campaigns or compromised sites. Nevertheless, because the impact is client\u2011side code execution, it poses significant risks to users who may inadvertently run malicious scripts."}}}}, "created": "2026-01-28T12:21:40.869767+00:00", "title": "Client\u2011Side Script Injection via Unsanitized Chart Options in Billboard.js", "updated": "2026-04-18T02:00:10.458269+00:00", "vendors": ["naver", "naver$PRODUCT$billboard.js"]}