Описание
A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code.
EPSS
Процентиль: 35%
0.00142
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.2
github
больше 1 года назад
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
EPSS
Процентиль: 35%
0.00142
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79