CVE-2022-25873

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/vuetify

Identifiers

GHSA-q4q5-c5cv-2p68, CVE-2022-25873

Package Slug

npm/vuetify

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The package vuetify from 2.0.0-beta.4 and before 2.6.10 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

Affected Versions

All versions starting from 2.0.0-beta.4 before 2.6.10

Solution

Upgrade to version 2.6.10 or above.

Last Modified

2022-09-22

source