A vulnerability, which was classified as problematic , has been found in Chartbrew up to 5.0.0 . Affected is an unknown function of the file Chart.js of the component Public Dashboard Handler . The manipulation of the argument ChartDatasetConfig.legend leads to cross site scripting. This vulnerability is documented as CVE-2026-41518 . The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.