GHSA-q4q5-c5cv-2p68, CVE-2022-25873
npm/vuetify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The package vuetify from 2.0.0-beta.4 and before 2.6.10 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.
All versions starting from 2.0.0-beta.4 before 2.6.10
Upgrade to version 2.6.10 or above.
2022-09-22
source |