← volver
CVE-2024-6783

Vue client-side XSS via prototype pollution

CVSS 4.8 MEDIUMEPSS 0.5%CWE-79
A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
vue · vue

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/advisories/GHSA-g3ch-rx76-35fxhttps://www.herodevs.com/vulnerability-directory/cve-2024-6783https://www.herodevs.com/vulnerability-directory/cve-2024-6783---vue-client-side-xss