CVE-2025-15372 youlaitech vue3-element-admin Notice index.vue cross site scripting

A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The...

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

EUVD-2025-205582

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

EUVD-2025-198607

Malicious code in vue3-transpiler npm...

Improper Encoding or Escaping of Output

Overview element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious sites, or conduct...

szluyu99 gin-vue-blog 安全漏洞

szluyu99 gin-vue-blog is a Golang full-stack blog by Zhenyu personal developer, supporting Docker Compose one-click deployment. Based on the latest front-end and back-end technology stack Vue3, TS, Unocs, Redis and so on. The front-end contains a blog post display front , blog background manageme...

Malicious code in pokedex-vue3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 23c03b4e03986cba75894fb0016bc2e1feb0c72ef2c06287030498b8f7a48ea1 The OpenSSF Package Analysis project identified 'pokedex-vue3' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

@nokecy/qc-ui (>=0.4.7 <=0.9.6), ag-grid-charts-enterprise (=32.0.0) +3 more potentially affected by CVE-2024-39001 via ag-grid-community (=32.0.0)

ag-grid-community NPM version =32.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ag-grid-community and may be impacted: - @nokecy/qc-ui =0.4.7, =0.9.6 - ag-grid-charts-enterprise =32.0.0 - ag-grid-enterprise =32.0.0 - ag-grid-react =32.0.0 -...

Malicious code in @expue/vue3-renderer (npm)

--- -= Per source details. Do not edit below this line.=-...

ChatGPT Web Cross-Site Scripting Vulnerability

ChatGPT Web is a ChatGPT presentation page built with Express and Vue3 by Redon Personal Developer. A cross-site scripting vulnerability exists in ChatGPT Web version 2.11.1, which stems from a cross-site scripting XSS vulnerability in the parameter Description...

Element Plus 跨站脚本漏洞

Element Plus is an open source Vue.js 3 UI library from the China Element Plus organization. A cross-site scripting vulnerability exists in Element Plus version 2.0.5, which stems from a lack of filtering and escaping of el-table-column in the application...