Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vuetify XSS via unsanitized 'titleDateFormat' in 'VDatePicker'
Vulnerability Description
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format' property of the 'VDatePicker' can accept a user created function and assign its output to the 'innerHTML' property of the title element without sanitization. This issue affects Vuetify versions greater than or equal to 2.0.0 and less than 3.0.0. Note: Version 2.x of Vuetify is End-of-Life and will not receive any updates to address this issue. For more information see here https://v2.vuetifyjs.com/en/about/eol/ .
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Vuetify 安全漏洞
Vulnerability Description
vuetify是德国vuetify开源的一个 Vue 的材质组件框架。 Vuetify 2.0.0版本至3.0.0之前版本存在安全漏洞,该漏洞源于VDatePicker组件存在跨站脚本,可能导致注入未清理HTML。
CVSS Information
N/A
Vulnerability Type
N/A