Open mend-bolt-for-github[bot] opened 2 years ago
Vue Material Component Framework
Library home page: https://registry.npmjs.org/vuetify/-/vuetify-2.2.29.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/vuetify/package.json
Dependency Hierarchy: - :x: **vuetify-2.2.29.tgz** (Vulnerable Library)
Found in HEAD commit: 9f7d8ce0906c457a1bed5610547810e0f497bc55
Found in base branch: master
The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.
Publish Date: 2022-09-18
URL: CVE-2022-25873
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-25873
Release Date: 2022-09-18
Fix Resolution: 2.6.10
Step up your Open Source Security Game with Mend here
CVE-2022-25873 - Medium Severity Vulnerability
Vulnerable Library - vuetify-2.2.29.tgz
Vue Material Component Framework
Library home page: https://registry.npmjs.org/vuetify/-/vuetify-2.2.29.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/vuetify/package.json
Dependency Hierarchy: - :x: **vuetify-2.2.29.tgz** (Vulnerable Library)
Found in HEAD commit: 9f7d8ce0906c457a1bed5610547810e0f497bc55
Found in base branch: master
Vulnerability Details
The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.
Publish Date: 2022-09-18
URL: CVE-2022-25873
CVSS 3 Score Details (5.4)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-25873
Release Date: 2022-09-18
Fix Resolution: 2.6.10
Step up your Open Source Security Game with Mend here