Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...

CVE-2025-8082

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...

Vuetify 安全漏洞

vuetify is a material component framework for Vue open sourced by vuetify Germany. A security vulnerability exists in Vuetify version 2.0.0 up to versions prior to 3.0.0, which stems from cross-site scripting in the VDatePicker component that may result in the injection of uncleaned HTML...

PT-2025-50965

Name of the Vulnerable Software and Affected Versions Vuetify versions 2.0.0 through 2.9.9 Description A flaw exists in the 'VDatePicker' component of Vuetify that allows unsanitized HTML to be inserted into a webpage. This is due to the improper handling of the 'title-date-format' property, whic...