GHSA-XWQW-RF2Q-XMHF Cross-Site Scripting in buefy

Versions of buefy prior to 0.7.2 are vulnerable to Cross-Site Scripting, allowing attackers to manipulate the DOM and execute remote code. The autocomplete list renders user input as HTML without encoding. Recommendation Upgrade to version 0.7.2 or later...

@apok/admin (>=0.1.1-e <=0.1.1-i), @apok/admin-components-bulma (>=1.0.0 <=1.0.1-rc.12) +61 more potentially affected by unknown CVE via buefy (>=0.3.2 <=0.7.10)

buefy NPM version =0.3.2, =0.1.1-e, =1.0.0, =0.0.2, =0.1.47, =0.0.1, =0.1.0, =0.1.78, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XWQW-RF2Q-XMHF...

Cross-Site Scripting in buefy

Versions of buefy prior to 0.7.2 are vulnerable to Cross-Site Scripting, allowing attackers to manipulate the DOM and execute remote code. The autocomplete list renders user input as HTML without encoding. Recommendation Upgrade to version 0.7.2 or later...

Cross-site Scripting (XSS)

buefy is vulnerable to cross-site scriptingXSS attacks. The vulnerability exists in b-taginput in Autocomplete.vue the use of v-html when auto-complete is set to true, allowing a malicious user to inject and execute arbitrary web scripts...

Cross-Site Scripting

Overview Versions of buefy prior to 0.7.2 are vulnerable to Cross-Site Scripting, allowing attackers to manipulate the DOM and execute remote code. The autocomplete list renders user input as HTML without encoding. Recommendation Upgrade to version 0.7.2 or later. References - GitHub Issue - GitH...