CVE-2022-27103: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 26, 2022 (updated April 11, 2023)

element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.

References

github.com/advisories/GHSA-rjvg-8v36-xv9r
github.com/asjdf/element-table-xss-test/
github.com/asjdf/element-table-xss-test/issues/1
github.com/element-plus/element-plus/commit/063c56446135176971f532bd0eb2e88a0b137d43
github.com/element-plus/element-plus/issues/6514
github.com/element-plus/element-plus/pull/6520
nvd.nist.gov/vuln/detail/CVE-2022-27103

Detect and mitigate CVE-2022-27103 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →