CVE-2025-8082

A flaw was found in Vuetify's VDatePicker component. This vulnerability allows unsanitized HTML to be inserted into the page, leading to a Cross-Site Scripting XSS attack via the 'title-date-format' property accepting a user-created function and assigning its output to the 'innerHTML' property...

Cross-site Scripting (XSS)

Vuetify is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser...

Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...

EUVD-2025-203124

Vuetify has a Cross-site Scripting XSS vulnerability in the VDatePicker component...

GHSA-9W3X-85MW-4FWM Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...

Cross-site Scripting (XSS)

Overview org.webjars.npm:vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the title-date-format property in the VDatePicker component. An attacker can execute arbitrary scripts in the context of the...

CVE-2025-8082

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...

CVE-2025-8082

Vuetify CVE-2025-8082 affects the VDatePicker component where the title-date-format property can output user-generated content which is assigned to innerHTML without sanitization, enabling Cross-Site Scripting. Affected versions are Vuetify 2.0.0 and above up to, but not including, 3.0.0. The iss...

CVE-2025-8082 Vuetify XSS via unsanitized 'titleDateFormat' in 'VDatePicker'

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...

PT-2025-50965

Name of the Vulnerable Software and Affected Versions Vuetify versions 2.0.0 through 2.9.9 Description A flaw exists in the 'VDatePicker' component of Vuetify that allows unsanitized HTML to be inserted into a webpage. This is due to the improper handling of the 'title-date-format' property, whic...