CVE-2025-1461— vuetify 安全漏洞

Vuetify XSS through 'eventMoreText' prop of VCalendar

Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a  Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss  attack. The vulnerability occurs because the default Vuetify translator will return the translation key as the translation, if it can't find an actual translation. This issue affects Vuetify versions greater than or equal to 2.0.0 and less than 3.0.0. Note: Version 2.x of Vuetify is End-of-Life and will not receive any updates to address this issue. For more information see here https://v2.vuetifyjs.com/en/about/eol/ .

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

vuetify 安全漏洞

vuetify是德国vuetify开源的一个 Vue 的材质组件框架。 vuetify 3.0.0之前版本存在安全漏洞，该漏洞源于VCalendar组件eventMoreText属性未正确清理，可能导致跨站脚本攻击。

N/A

N/A