1. Home
  2. Vulnerabilities
  3. CVE-2022-25873

CVE-2022-25873

CVSS v3.1 5.4 (Medium)
54% Progress
EPSS 0.14 % (51th)
0.14% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
Snyk
Published Date
2022-09-18 15:15:09
(2 years ago)
Updated Date
2022-09-21 12:49:39
(2 years ago)

Affected Products

Vuetifyjs

Configuration #1

    CPE23 From Up To
  Vuetifyjs Vuetify from 2.0.1 version and prior 2.6.10 version cpe:2.3:a:vuetifyjs:vuetify >= 2.0.1 < 2.6.10
  Vuetifyjs Vuetify 2.0.0 Beta4 cpe:2.3:a:vuetifyjs:vuetify:2.0.0:beta4
  Vuetifyjs Vuetify 2.0.0 Beta5 cpe:2.3:a:vuetifyjs:vuetify:2.0.0:beta5
  Vuetifyjs Vuetify 2.0.0 Beta6 cpe:2.3:a:vuetifyjs:vuetify:2.0.0:beta6
  Vuetifyjs Vuetify 2.0.0 Beta7 cpe:2.3:a:vuetifyjs:vuetify:2.0.0:beta7
  Vuetifyjs Vuetify 2.0.0 Beta8 cpe:2.3:a:vuetifyjs:vuetify:2.0.0:beta8
  Vuetifyjs Vuetify 2.0.0 Beta9 cpe:2.3:a:vuetifyjs:vuetify:2.0.0:beta9