Browse all 4 CVE security advisories affecting intlify. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Intlify is an internationalization framework for Vue.js applications that enables developers to manage multilingual content and localization. Historically, the project has been affected by multiple cross-site scripting (XSS) vulnerabilities, allowing attackers to execute malicious scripts in user browsers. While no privilege escalation or remote code execution flaws have been publicly documented, the four CVEs recorded primarily stem from improper input sanitization in template rendering functions. The project maintains a moderate security profile with regular updates addressing identified issues, though developers should implement additional content security policies to mitigate potential XSS risks when deploying Intlify in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-53892 | Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror — vue-i18nCWE-79 | 6.1AI | MediumAI | 2025-07-16 |
| CVE-2025-27597 | Vue I18n Prototype Pollution in `handleFlatJson` — vue-i18nCWE-1321 | 9.8 | - | 2025-03-07 |
| CVE-2024-52810 | Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4 — vue-i18nCWE-1321 | 9.1 | - | 2024-11-29 |
| CVE-2024-52809 | Cross-site Scripting vulnerability with prototype pollution in vue-i18n — vue-i18nCWE-79 | 6.1 | - | 2024-11-29 |
This page lists every published CVE security advisory associated with intlify. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.