Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2025/07/18 1:58 p.m.5 views

CVE-2025-53892

Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...

5.3CVSS6.5AI score0.00676EPSS
Exploits0References1
nvd
nvd
added 2025/07/16 2:15 p.m.9 views

CVE-2025-53892

Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...

5.3CVSS0.00676EPSS
Exploits0References8
cvelist
cvelist
added 2025/07/16 1:42 p.m.115 views

CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror

Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...

5.3CVSS0.00676EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2025/07/16 1:42 p.m.3 views

CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror

Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...

5.3CVSS5.9AI score0.00676EPSS
Exploits0References8
cve
cve
added 2025/07/16 1:42 p.m.30 views

CVE-2025-53892

CVE-2025-53892 (Vue I18n) describes a DOM-based XSS in the Vue I18n escapeParameterHtml: true option. Vulnerability occurs when interpolated parameters are rendered inside HTML via v-html, allowing tag-based payloads (e.g., ) to execute in versions before fixes. The advisory notes affected ranges...

5.3CVSS6.1AI score0.00676EPSS
Exploits0References8
osv
osv
added 2025/07/16 1:42 p.m.7 views

CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror

Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...

5.3CVSS6.4AI score0.00676EPSS
Exploits0References10
vulnersosv
vulnersosv
added 2025/07/16 4:57 a.m.5 views

org.webjars.npm:gip-recia__esco-content-menu (=0.3.4), org.webjars.npm:gip-recia__eyebrow-user-info (=0.6.2) +3 more potentially affected by CVE-2025-53892 via org.webjars.npm:vue-i18n (>=9.0.0-rc.9 <=9.14.3)

org.webjars.npm:vue-i18n MAVEN version =9.0.0-rc.9, =0.0.1, =1.12.0, =1.12.0, =1.40.2 Source cves: CVE-2025-53892 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-10771083...

5.3CVSS5.8AI score0.00676EPSS
Exploits0
Rows per page
Query Builder