12 matches found
smart-admin code injection vulnerability
Smart-Admin is a rapid development platform developed by individual developers of 1024-lab. Versions of Smart-Admin prior to 3.29 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the file...
Vikunja Vulnerable to XSS Via Task Preview
Summary: The task preview component creates an unparented div. The div's innerHTML is set to the unescaped description of the task. Details: In the TaskGlanceTooltip.vue it temporarily creates a div and sets the innerHTML to the description here. Since there is no escaping on either the server or...
MAL-2025-192421 Malicious code in vue2-amis-custom-widget123 (npm)
Source: amazon-inspector 027b467c811b36f60dc7589ccd8251ffc56de7f40345d6a471a3a550a2a8df7e The package vue2-amis-custom-widget123 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in unplugin-vue-component (npm)
Source: amazon-inspector fb2a902ee46a4ec13f75c9e5411ca04a3de1585cfb05faffe649dee54e798009 The package unplugin-vue-component was found to contain malicious code...
EUVD-2025-37271
Malicious code in unplugin-vue-component npm...
MAL-2025-49275 Malicious code in unplugin-vue-component (npm)
Source: amazon-inspector fb2a902ee46a4ec13f75c9e5411ca04a3de1585cfb05faffe649dee54e798009 The package unplugin-vue-component was found to contain malicious code...
CVE-2025-54075
Summary: CVE-2025-54075 affects @nuxtjs/mdc (Nuxt MDC) before version 0.17.2, where Markdown rendering allows a remote script-inclusion / stored XSS via injecting a tag. The vulnerability rewrites how subsequent relative URLs are resolved, enabling loading of scripts, styles, or images from atta...
CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...
CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the props passed to the components tab. An attacker could steal sensitive data or execute requests impersonating a user by exploiting this vulnerability. PoC js Hello test import...
vxe-table cross-site scripting vulnerability
vxe-table is a vue-based form/table component for PC. A cross-site scripting vulnerability exists in vxe-table version 3.7.9 and earlier, which stems from a cross-site scripting vulnerability in packages/textarea/src/textarea.js...
CVE-2022-4902 eXo Chat Application Mention ExoChatMessageComposer.vue cross site scripting
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...