Cross-site Scripting vulnerability with prototype pollution in vue-i18n

vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

vue-i18n 跨站脚本漏洞

vue-i18n是intlify开源的一个应用程序。 vue-i18n存在跨站脚本漏洞，该漏洞源于vue-i18n可以将语言环境信息传递给createI18n或useI18n。在开发模式下生成语言环境信息AST时，可能导致跨站脚本攻击。

N/A

N/A