Versions of the package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the ‘eventName’ function within the VCalendar component.
Name | Operator | Version |
---|---|---|
vuetify | ge | 2.0.1 |
vuetify | lt | 2.6.10 |
vuetify | eq | 2.0.0 beta4 |
vuetify | eq | 2.0.0 beta5 |
vuetify | eq | 2.0.0 beta6 |
vuetify | eq | 2.0.0 beta7 |
vuetify | eq | 2.0.0 beta8 |
vuetify | eq | 2.0.0 beta9 |
codepen.io/5v3n-08/pen/MWGKEjY
github.com/vuetifyjs/vuetify/commit/ade1434927f55a0eccf3d54f900f24c5fa85a176
github.com/vuetifyjs/vuetify/issues/15757
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVUETIFYJS-3024407
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3024406
security.snyk.io/vuln/SNYK-JS-VUETIFY-3019858