252 matches found
Prototype Pollution
Vuetify is vulnerable to Prototype Pollution. The vulnerability is due to the internal mergeDeep utility merging user-supplied preset objects without proper safeguards, which allows an attacker to supply a crafted preset to pollute JavaScript object prototypes and potentially cause denial of...
Cross-site Scripting (XSS)
Vuetify is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser...
GHSA-9W3X-85MW-4FWM Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...
@4kda/vuetify-cifrum-components (>=0.0.5 <=0.0.51), @4kda/vuetify-cifrum-demo-app (>=0.0.11 <=0.0.55) +1225 more potentially affected by CVE-2025-8082 via vuetify (>=2.0.0 <=3.0.0-beta.7)
vuetify NPM version =2.0.0, =0.0.5, =0.0.11, =0.0.13, =0.0.13, =0.0.13, =1.1.10, =1.0.8, =0.1.0, =0.0.1, =0.3.0, =2.0.5, =0.0.5, =0.1.0, =0.1.29 and more Source cves: CVE-2025-8082 Source advisory: OSV:GHSA-9W3X-85MW-4FWM...
EUVD-2025-203124
Vuetify has a Cross-site Scripting XSS vulnerability in the VDatePicker component...
Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...
@4kda/vuetify-cifrum-components (>=0.0.5 <=0.0.51), @4kda/vuetify-cifrum-demo-app (>=0.0.11 <=0.0.55) +1214 more potentially affected by CVE-2025-8083 via vuetify (>=2.2.0 <=2.7.2)
vuetify NPM version =2.2.0, =0.0.5, =0.0.11, =0.0.13, =0.0.13, =0.0.13, =1.1.10, =1.0.8, =0.1.0, =0.0.1, =0.3.0, =2.0.5, =0.0.5, =0.1.0, =0.1.29 and more Source cves: CVE-2025-8083 Source advisory: OSV:GHSA-3JP5-5F8R-Q2WG...
EUVD-2025-203121
Vuetify has a Prototype Pollution vulnerability...
GHSA-3JP5-5F8R-Q2WG Vuetify has a Prototype Pollution vulnerability
The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...
Vuetify has a Prototype Pollution vulnerability
The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...
CVE-2025-8083
The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html due to the internal 'mergeDeep' utility function used to merge options with...
Prototype Pollution
Overview org.webjars.npm:vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript...
Prototype Pollution
Overview vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript objects by...
@4kda/vuetify-cifrum-components (>=0.0.5 <=0.0.51), @4kda/vuetify-cifrum-demo-app (>=0.0.11 <=0.0.55) +1214 more potentially affected by CVE-2025-8083 via vuetify (>=2.2.0 <=2.7.2)
vuetify NPM version =2.2.0, =0.0.5, =0.0.11, =0.0.13, =0.0.13, =0.0.13, =1.1.10, =1.0.8, =0.1.0, =0.0.1, =0.3.0, =2.0.5, =0.0.5, =0.1.0, =0.1.29 and more Source cves: CVE-2025-8083 Source advisory: SNYK:JS-VUETIFY-14412764...
Cross-site Scripting (XSS)
Overview vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the title-date-format property in the VDatePicker component. An attacker can execute arbitrary scripts in the context of the user's browser by...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the title-date-format property in the VDatePicker component. An attacker can execute arbitrary scripts in the context of the...
@4kda/vuetify-cifrum-components (>=0.0.5 <=0.0.51), @4kda/vuetify-cifrum-demo-app (>=0.0.11 <=0.0.55) +1225 more potentially affected by CVE-2025-8082 via vuetify (>=2.0.0 <=3.0.0-beta.7)
vuetify NPM version =2.0.0, =0.0.5, =0.0.11, =0.0.13, =0.0.13, =0.0.13, =1.1.10, =1.0.8, =0.1.0, =0.0.1, =0.3.0, =2.0.5, =0.0.5, =0.1.0, =0.1.29 and more Source cves: CVE-2025-8082 Source advisory: SNYK:JS-VUETIFY-14412705...
CVE-2025-8083 Vuetify Prototype Pollution via Preset options
The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html due to the internal 'mergeDeep' utility function used to merge options with...
CVE-2025-8083 Vuetify Prototype Pollution via Preset options
The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html due to the internal 'mergeDeep' utility function used to merge options with...
CVE-2025-8083
Vuetify CVE-2025-8083 is a Prototype Pollution flaw in the Preset configuration feature via internal mergeDeep when merging malicious presets. Affected: Vuetify >=2.2.0-beta.2 and