EPSS Percentile: 34.5%
element-plus is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the popperContent parameter in the renderContent function, allowing an attacker to inject and execute malicious JavaScript via el-table-column.
github.com/asjdf/element-table-xss-test/
github.com/asjdf/element-table-xss-test/issues/1
github.com/element-plus/element-plus/commit/063c56446135176971f532bd0eb2e88a0b137d43
github.com/element-plus/element-plus/issues/6514
github.com/element-plus/element-plus/pull/6520