EUVD-2025-16198

Malicious code in bioql PyPI...

CVE-2025-1461 Vuetify XSS through 'eventMoreText' prop of VCalendar

Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the...

PT-2025-23120 · Vuetify · Vuetify

Name of the Vulnerable Software and Affected Versions: Vuetify versions 2.0.0 through 2.x Description: The issue arises from the improper neutralization of the eventMoreText property value in the VCalendar component, allowing unsanitized HTML to be inserted into the page. This can lead to a...

CVE-2022-25873

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting XSS due to improper input sanitization in the 'eventName' function within the VCalendar component...

CVE-2022-25873 Cross-site Scripting (XSS)

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting XSS due to improper input sanitization in the 'eventName' function within the VCalendar component...

Cross-site Scripting (XSS)

Overview vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper input sanitization in the 'eventName' function within the VCalendar component. Details Cross-site scripting or XSS is a code...