HIGH
chartbrew
CVE published 2026-06-04
CVE-2026-41518
CVE-2026-41518 is a stored cross-site scripting (XSS) vulnerability affecting Chartbrew, an open-source web application used for connecting to databases and APIs to create charts. The vulnerability exists in versions 4.9.0 through 5.0.0. An authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the `ChartDatasetConfig.legend` field. This payload is persisted in the datab [truncated]