Lucene search
PRIOn knowledge basePRION:CVE-2022-25873HistorySep 18, 2022 - 3:15 p.m.
Cross site scripting
2022-09-1815:15:00
PRIOn knowledge base
www.prio-n.com
vuetify
xss
vcalendar
input sanitization
0.001 Low
EPSS
Percentile
50.6%
The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the ‘eventName’ function within the VCalendar component.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vuetify | ge | 2.0.1 | |
| vuetify | lt | 2.6.10 | |
| vuetify | eq | 2.0.0 beta4 | |
| vuetify | eq | 2.0.0 beta5 | |
| vuetify | eq | 2.0.0 beta6 | |
| vuetify | eq | 2.0.0 beta7 | |
| vuetify | eq | 2.0.0 beta8 | |
| vuetify | eq | 2.0.0 beta9 |
References
codepen.io/5v3n-08/pen/MWGKEjY
github.com/vuetifyjs/vuetify/commit/ade1434927f55a0eccf3d54f900f24c5fa85a176
github.com/vuetifyjs/vuetify/issues/15757
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVUETIFYJS-3024407
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3024406
security.snyk.io/vuln/SNYK-JS-VUETIFY-3019858
Related
cve
cve
CVE-2022-25873
2022-09-18 15:15:09
veracode
veracode
Cross-site Scripting (XSS)
2022-09-19 04:48:01
github
github
Vuetify Cross-site Scripting vulnerability
2022-09-19 00:00:28
osv
osv
Vuetify Cross-site Scripting vulnerability
2022-09-19 00:00:28
CVE-2022-25873
2022-09-18 15:15:09
nvd
nvd
CVE-2022-25873
2022-09-18 15:15:09
cvelist
cvelist
CVE-2022-25873 Cross-site Scripting (XSS)
2022-09-18 00:00:00