MEDIUM 5.4
GHSA-q4q5-c5cv-2p68
Vuetify Cross-site Scripting vulnerability
Details
The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.
Are you affected?
Enter the version of the package you're using.
Affected packages
Maven / org.webjars.npm:vuetify
Introduced in:
2.0.0-beta.4 Fixed in: 2.6.10 Fix
# pom.xml: bump <version>2.6.10</version> for org.webjars.npm:vuetify References
- https://nvd.nist.gov/vuln/detail/CVE-2022-25873 [ADVISORY]
- https://github.com/vuetifyjs/vuetify/issues/15757 [WEB]
- https://github.com/vuetifyjs/vuetify/commit/ade1434927f55a0eccf3d54f900f24c5fa85a176 [WEB]
- https://codepen.io/5v3n-08/pen/MWGKEjY [WEB]
- https://github.com/vuetifyjs/vuetify [PACKAGE]
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVUETIFYJS-3024407 [WEB]
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3024406 [WEB]
- https://security.snyk.io/vuln/SNYK-JS-VUETIFY-3019858 [WEB]