252 matches found
CVE-2025-8082
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...
CVE-2025-8082 Vuetify XSS via unsanitized 'titleDateFormat' in 'VDatePicker'
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...
CVE-2025-8082 Vuetify XSS via unsanitized 'titleDateFormat' in 'VDatePicker'
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...
CVE-2025-8082
Vuetify CVE-2025-8082 affects the VDatePicker component where the title-date-format property can output user-generated content which is assigned to innerHTML without sanitization, enabling Cross-Site Scripting. Affected versions are Vuetify 2.0.0 and above up to, but not including, 3.0.0. The iss...
PT-2025-50969
Name of the Vulnerable Software and Affected Versions Vuetify versions 2.2.0-beta.2 through 3.0.0-alpha.10 Description The Preset configuration feature of Vuetify is susceptible to Prototype Pollution due to the 'mergeDeep' utility function used for merging options with defaults. A malicious pres...
vuetify 安全漏洞
vuetify is a material component framework for Vue open-sourced by vuetify Germany. A security vulnerability exists in vuetify version 2.2.0-beta.2 through versions prior to 3.0.0-alpha.10, which stems from a prototype contamination in the Preset configuration, which could result in contaminating...
PT-2025-50965
Name of the Vulnerable Software and Affected Versions Vuetify versions 2.0.0 through 2.9.9 Description A flaw exists in the 'VDatePicker' component of Vuetify that allows unsanitized HTML to be inserted into a webpage. This is due to the improper handling of the 'title-date-format' property, whic...
Vuetify 安全漏洞
vuetify is a material component framework for Vue open sourced by vuetify Germany. A security vulnerability exists in Vuetify version 2.0.0 up to versions prior to 3.0.0, which stems from cross-site scripting in the VDatePicker component that may result in the injection of uncleaned HTML...
Malicious code in await-jwt-vuetify-event (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd21812b96907664c208aee1e22aaf7d46e2eaf9437d6f4a0c8a6f0731f689fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178759
Malicious code in gatsby-interstellarmedium-vuetify-procyon npm...
EUVD-2025-177437
Malicious code in ophiuchus-vuetify-schema-ursa npm...
EUVD-2025-175675
Malicious code in vuetify-thermochronology-csv-cryovolcano npm...
EUVD-2025-176073
Malicious code in tailwindcss-bulma-vuetify-zenobia npm...
EUVD-2025-177963
Malicious code in mantle-galaxy-vuetify-pm2 npm...
Malicious code in gatsby-fornax-nuxtjs-vuetify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17493a8c27f8742691d5fb50ff801a6a531114bb0524fe9605d6af16d32780de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176744
Malicious code in registry-relay-electron-builder-vuetify npm...
EUVD-2025-179259
Malicious code in dotenv-safe-norma-vuetify-paleomagnetism npm...
EUVD-2025-175674
Malicious code in vuetify-xanadu-stratigraphy-sedimentology npm...
Malicious code in hadron-vuetify-astrophysics-prompts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a023aa918b6df89cf02b3fb9cbff1e261dbb97330b127160a907246a48e94bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179456
Malicious code in css-minimizer-webpack-plugin-vuetify-ichnology-redshift npm...