Veracode Vulnerability DatabaseVERACODE:47215Cross Site Scripting(XSS)
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:L/SI:N/VA:N/SA:N
AI Score
Confidence
High
EPSS
Percentile
15.5%
vxe-table is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate sanitization of user-supplied input within the inputValue argument of the export function in the vxe-textarea component. It allows malicious actors to execute arbitrary JavaScript code within the context of a victim’s web browser.
References
gitee.com/xuliangzhan_admin/vxe-table/commit/d70b0e089740b65a22c89c106ebc4627ac48a22d
gitee.com/xuliangzhan_admin/vxe-table/issues/I8O21R
gitee.com/xuliangzhan_admin/vxe-table/tree/3.7.10
github.com/advisories/GHSA-2qjp-fg8c-g878
github.com/x-extends/vxe-table/commit/d70b0e089740b65a22c89c106ebc4627ac48a22d
vuldb.com/?ctiid.266123
vuldb.com/?id.266123
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:L/SI:N/VA:N/SA:N
AI Score
Confidence
High
EPSS
Percentile
15.5%