38 matches found
EUVD-2025-7792
Malicious code in bioql PyPI...
EUVD-2025-21704
Malicious code in bioql PyPI...
EUVD-2024-3455
Malicious code in bioql PyPI...
CVE-2025-53892
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...
Cross-site Scripting (XSS)
Vue I18n is vulnerable to Cross-site Scripting XSS. The vulnerability is due to incomplete escaping of interpolated parameters caused by the failure of the escapeParameterHtml: true option to prevent tag-based payload execution when rendered using v-html, even with minor HTML in translation strin...
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes
Summary The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, this setting fails to prevent execution of certain tag-based payloads, such as , if the interpolated value is inserted inside an HTML context...
GHSA-X8QP-WQQM-57PH vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes
Summary The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, this setting fails to prevent execution of certain tag-based payloads, such as , if the interpolated value is inserted inside an HTML context...
CVE-2025-53892
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...
CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...
CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...
CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...
CVE-2025-53892
CVE-2025-53892 (Vue I18n) describes a DOM-based XSS in the Vue I18n escapeParameterHtml: true option. Vulnerability occurs when interpolated parameters are rendered inside HTML via v-html, allowing tag-based payloads (e.g., ) to execute in versions before fixes. The advisory notes affected ranges...
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.kazupon:vue-i18n is an Internationalization plugin for Vue.js Affected versions of this package are vulnerable to Cross-site Scripting XSS when performing translations with escapeParameterHtml set to true. An attacker can execute arbitrary JavaScript code in the...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vue-i18n is an Internationalization plugin for Vue.js Affected versions of this package are vulnerable to Cross-site Scripting XSS when performing translations with escapeParameterHtml set to true. An attacker can execute arbitrary JavaScript code in the context of the...
org.webjars.npm:gip-recia__esco-content-menu (=0.3.4), org.webjars.npm:gip-recia__eyebrow-user-info (=0.6.2) +3 more potentially affected by CVE-2025-53892 via org.webjars.npm:vue-i18n (>=9.0.0-rc.9 <=9.14.3)
org.webjars.npm:vue-i18n MAVEN version =9.0.0-rc.9, =0.0.1, =1.12.0, =1.12.0, =1.40.2 Source cves: CVE-2025-53892 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-10771083...
vue-i18n 跨站脚本漏洞
vue-i18n is an application from intlify open source. A cross-site scripting vulnerability exists in vue-i18n versions prior to 9.0.0 through 9.14.5, prior to 10.0.8, and prior to 11.1.0, which stems from insufficient HTML context parameter escaping and could lead to a DOM-type cross-site scriptin...
PT-2025-29827
Name of the Vulnerable Software and Affected Versions Vue I18n versions 9.0.0 through 9.14.4 Vue I18n versions 10.0.0 through 10.0.7 Vue I18n versions 11.0.0 through 11.0.9 Description Vue I18n, an internationalization plugin for Vue.js, contains a flaw in the escapeParameterHtml: true option. Th...
CVE-2024-52809
vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to createI18n or useI18n. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions...
CVE-2025-27597
Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the...
Prototype Pollution
Overview org.webjars.bowergithub.kazupon:vue-i18n is an Internationalization plugin for Vue.js Affected versions of this package are vulnerable to Prototype Pollution through the handleFlatJson function due to improper input validation. An attacker can introduce or modify properties within the...