Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2017-3738
Good to know:
Date: April 1, 2017
Vue-Project before version 2.3.0-beta.1 has a possible xss vulnerability.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix
Upgrade Version
Upgrade to version phambinh/phambinhcms - no_fix;lobbykit/intra - dev-analysis-zd0nPg;lobbykit/intra - v0.2.1;activelogiclabs/administration - no_fix;activelogiclabs/administration - 0.5.2;streams/core - 1.3.x-dev;streams/core - v1.1.0;streams/core - v1.2.0;andrzejkupczyk/mantis-todolists - v2.3.0;andrzejkupczyk/mantis-todolists - dev-override_http_server_restrictions;SS.Form - 2.0.1-beta;yanev/laraadmin - no_fix;moxyrus/voyager - 1.x-dev;yeswiki/yeswiki - dev-fix-mail-sendmail;yeswiki/yeswiki - dev-fix-remove-warning-in-bazar.fonct;yeswiki/yeswiki - dev-rip-carte_google;yeswiki/yeswiki - dev-sync-createur-owner-for-entry;yeswiki/yeswiki - dev-extra-fields;yeswiki/yeswiki - dev-refacto/baz_rechercher-fix1;yeswiki/yeswiki - v4.1.0;yeswiki/yeswiki - dev-fix/extension-import-namespace;yeswiki/yeswiki - dev-refacto/fix-radio-list-field;yeswiki/yeswiki - dev-custom-templates;yeswiki/yeswiki - dev-add-management-of-custom-fields;yeswiki/yeswiki - dev-fix-card-title-entry;yeswiki/yeswiki - dev-doryphore-dev;yeswiki/yeswiki - dev-fix-semantic-fields;yeswiki/yeswiki - dev-pdfjs-by-yarn;yeswiki/yeswiki - dev-auto-update-migrations;yeswiki/yeswiki - dev-improve-link-traking;yeswiki/yeswiki - dev-refactor-bazar;yeswiki/yeswiki - dev-fix-creation-empty-id_fiche;yeswiki/yeswiki - dev-refacto/baz_rechercher;yeswiki/yeswiki - dev-improve-action-builder;yeswiki/yeswiki - dev-bruno;yeswiki/yeswiki - dev-proposal-to-prevent-sql-error;yeswiki/yeswiki - dev-Issue-884;yeswiki/yeswiki - dev-dependabot/composer/nesbot/carbon-2.72.6;yeswiki/yeswiki - dev-fix-attach-picture-in-pageSpecial;yeswiki/yeswiki - dev-lint-format;yeswiki/yeswiki - dev-fix-edit-button-on-link;yeswiki/yeswiki - dev-groups;yeswiki/yeswiki - dev-aceditor-fix;yeswiki/yeswiki - dev-feat-select-entries-html;yeswiki/yeswiki - dev-enum-field-simplify-name;yeswiki/yeswiki - dev-improve-metadata-field;yeswiki/yeswiki - dev-fix-bazar-local;alimranahmed/larablog - dev-dependabot/composer/league/commonmark-2.6.0;alimranahmed/larablog - dev-dependabot/composer/spatie/image-optimizer-1.7.4;alimranahmed/larablog - dev-dependabot/npm_and_yarn/braces-3.0.3;alimranahmed/larablog - dev-dependabot/npm_and_yarn/rollup-4.22.4;alimranahmed/larablog - dev-dependabot/composer/laravel/framework-8.75.0;alimranahmed/larablog - 4.1.0;alimranahmed/larablog - dev-main;alimranahmed/larablog - dev-174-upgrade-to-Laravel-11;alimranahmed/larablog - dev-dependabot/npm_and_yarn/vite-5.4.6;alimranahmed/larablog - dev-dependabot/composer/symfony/http-foundation-7.1.7;soda-framework/cms - 0.3.1;soda-framework/cms - 0.0.1;soda-framework/cms - 0.4.1;soda-framework/cms - 0.1.1;soda-framework/cms - 0.5.1;typerocket/laravel - v2.1.5;typerocket/laravel - v2.1.3;windwalker/phoenix - dev-dependabot/npm_and_yarn/minimist-1.2.6;windwalker/phoenix - 1.3;htmlburger/form-kit - v0.1.0;htmlburger/form-kit - no_fix;novosga/novosga - dev-dependabot/composer/twig/twig-3.14.0;novosga/novosga - dev-dependabot/composer/twig/twig-2.14.11;novosga/novosga - no_fix;novosga/novosga - v0.5.1;novosga/novosga - dev-dependabot/composer/symfony/serializer-4.4.35;novosga/novosga - dev-feature/novosga-v2.2;novosga/novosga - v2.0.0-RC1;novosga/novosga - dev-fix/394_deleted_priority;novosga/novosga - v2.0.7;novosga/novosga - v2.0.1;emohamed/form-kit - no_fix;emohamed/form-kit - v0.1.0;bottelet/flarepoint - dev-dependabot/npm_and_yarn/path-parse-1.0.7;bottelet/flarepoint - dev-dependabot/npm_and_yarn/eventsource-1.1.1;bottelet/flarepoint - 1.1.4;simplon/component_mvc - no_fix;ddphp/webos - no_fix;zijinghua-dev/voyager - 0.1.x-dev;zijinghua-dev/voyager - 1.x-dev;timtoday/voyager-cn - no_fix;sodacms/sodacms - 0.4.1;sodacms/sodacms - 0.1.1;sodacms/sodacms - 0.5.1;sodacms/sodacms - 0.3.1;sodacms/sodacms - 0.0.1;larashuo/laracrud - no_fix;larashuo/laracrud - v1.0.0;nch/codeforlife - no_fix;joesama/entree - dev-nifty;joesama/entree - 3.6.x-dev;joesama/entree - no_fix;ahmadsyamim/voyager - 1.0.x-dev;artworx/omegacp - no_fix;friparia/admin - no_fix;mrpk-dev/voyager - 1.x-dev;selvinortiz/patrol - dev-craft-3;selvinortiz/patrol - 3.1.3;yangtaihua/streams-platform - v1.3.0;yangtaihua/streams-platform - v1.2.0;yela528/g9zz-voyager - v1.0;mengniang/mengniang - no_fix;stevebauman/ithub - v0.0.1;stevebauman/ithub - no_fix;purepanel/streams-platform - v1.2.0;purepanel/streams-platform - v1.3.0;chictem/chictem - v0.1.0;anomaly/streams-platform - v1.1.0;anomaly/streams-platform - 1.3.x-dev;anomaly/streams-platform - v1.2.0;talv86/easel - dev-master;luzucheng59/voyager - v0.11.12;luzucheng59/voyager - dev-analysis-zdw0Qp;luzucheng59/voyager - 1.x-dev;idci/extra-form-bundle - dev-dependabot/npm_and_yarn/ini-1.3.7;idci/extra-form-bundle - v2.0.5;vue - 2.2.2;vue - 2.3.0;wpzoom/social-icons-widget - dev-master;wpzoom/social-icons-widget - 4.2.0;wpzoom/social-icons-widget - dev-wp58-fixes;wpzoom/social-icons-widget - 4.2.3;tcg/voyager - dev-update-deps;tcg/voyager - 1.x-dev;azuracast/azuracast - 0.8.0;ingwarp/folder - no_fix;ingwarp/folder - v0.1.1;f24aalam/voyager-material - 1.x-dev;romjkeeeen/fix-cms-core1 - no_fix;lisandrop05/voyager - 1.x-dev;yadjet/yii2-rbac - no_fix;gabrieltakacs/voyager - no_fix;gabrieltakacs/voyager - v0.9.1;gabrieltakacs/voyager - v0.10.1;oburatongoi/productivity - 0.3.26;oburatongoi/productivity - 0.0.13;gabootsoft/gaboot - v0.2.4;qieangel2013/zys - 0.1.0;qieangel2013/zys - no_fix;devuniverse/voyager - 1.x-dev;orchestra/foundation - v3.3.0-BETA1;orchestra/foundation - v3.1.0;whb/wxyzadmin - no_fix;ilhanet/erpnet-widget-resource - no_fix;SS.Hits - 1.0.29;pushman/pushman - 2.0.0-beta2;pushman/pushman - no_fix;Boin.Mvc.Template - no_fix;colee/yii2-vue - 1.0.3;colee/yii2-vue - dev-dependabot/npm_and_yarn/assets/vue/karma-6.3.14;colee/yii2-vue - 2.0.0;colee/yii2-vue - no_fix;kodicms/core - v0.0.1;kodicms/core - no_fix;wizclumsy/utils - 0.8.0;fiedsch/ligaverwaltung-bundle - 0.3.0;gathernholding/yii-bootstrap-bower - no_fix;SS.Poll - 1.2.0-beta;jarves/jarves - dev-angular-es6;jarves/jarves - 0.1.0-alpha;nerio93/voyager - 1.x-dev;chandan07cse/elham - v1.0.0;ninjacn/voyager - 1.x-dev;griffyn/voyager - 1.x-dev;SS.Login - no_fix;leelam/cloudsms - no_fix;leelam/cloudsms - v0.1.5;hebrahimzadeh/voyager - 1.x-dev;adaptcms/adaptcms - 4.0;adaptcms/adaptcms - no_fix;baijunyao/laravel-bjyblog - dev-dependabot/composer/composer/composer-1.10.22;baijunyao/laravel-bjyblog - v5.5.6.1;baijunyao/laravel-bjyblog - v5.5.9.1;baijunyao/laravel-bjyblog - dev-dependabot/npm_and_yarn/minimist-1.2.6;baijunyao/laravel-bjyblog - dev-dependabot/npm_and_yarn/dns-packet-1.3.4;SS.GovInteract - 1.0.36-beta;docit/core - no_fix;wenkechen/voyager - 1.x-dev;sd25/extended-voyager - 1.x-dev;shjarah/voyager - dev-update-deps;shjarah/voyager - 1.x-dev;davestewart/sketchpad - v1.0.0-beta;pheye/voyager - v0.9.1;pheye/voyager - v0.11.0;vue.js - no_fix;x-cart-proj/x-cart-proj - no_fix;hongyukeji/ebestmall-html - 1.1.3;mrcore/bootswatch-theme - 2.0.10;mrcore/bootswatch-theme - 5.8.1;mrcore/bootswatch-theme - dev-vue;mrcore/bootswatch-theme - 5.8.0;mrcore/bootswatch-theme - no_fix;webgarden/mantisbt-todolists - v2.4.0;webgarden/mantisbt-todolists - no_fix;dwij/laraadmin - 1.0.1;smohe1991/persian-voyager - no_fix;smohe1991/persian-voyager - v0.9.1;smohe1991/persian-voyager - v0.10.1;visiosoft/streams-platform - v1.3.0;visiosoft/streams-platform - v1.2.0;verbb/patrol - dev-craft-3;verbb/patrol - 4.0.0;cbidigital/voyager - 1.x-dev;tianfuunion/mark-resources - no_fix;anla/skipper - no_fix;webreinvent/vaahcms - dev-feature/resolve-some-issue;webreinvent/vaahcms - 0.0.6;webreinvent/vaahcms - dev-feature/database-export-and-import;voyager-admin/voyager - 1.x-dev;inkwell/cms - no_fix;jasonll/phalcon_wechat - no_fix;namespace/voyager_fork - 1.x-dev;friendsofvictoire/markdown-widget - no_fix;devisephp/cms - v.2.1.0-beta.4;luna/material-theme - no_fix;zzhh9857/voyager - 1.0.x-dev;zzhh9857/voyager - v0.11.12;leo-unglaub/contao-vuejs - no_fix;Webgamex.Comment - no_fix;xiaokus/voyager - ls;dfz/dola - no_fix;krzysiekpiasecki/gentelella - no_fix;yewei-cao/noodle - dev-dependabot/npm_and_yarn/socket.io-2.4.0;yewei-cao/noodle - dev-dependabot/npm_and_yarn/y18n-3.2.2;yewei-cao/noodle - dev-dependabot/composer/symfony/http-foundation-2.7.51;yewei-cao/noodle - dev-feature/admin;yewei-cao/noodle - v0.03;yewei-cao/noodle - dev-dependabot/npm_and_yarn/elliptic-6.5.3;ericvvc9/voyager - 1.x-dev;anhnn78/voyager - 1.x-dev;vue - 2.3.0;tobyokeke/voyager - 1.x-dev;davyin/dyniva_ui - 1.x-dev;nadminpanel/adminpanel - no_fix;blazings.vuejs - no_fix;erenkucukersoftware/voyager - 1.x-dev;yhq/laravel - no_fix;bitepeng/voyager_cn - v0.11.14;hamzz/voyager - 1.x-dev;clumsy/utils - 0.8.0;semisalov/fix-cms-core - no_fix;baijunyao/laravel-bjyadmin - v3.0.0;baijunyao/laravel-bjyadmin - no_fix;heptacom/shopware-heptacom-amp - no_fix;itplato/phpanalysis - v3.0_release;talvbansal/easel - dev-master;kayrules/solatjakim-api-site - dev-version-1.0;devig/voyager - v1.0.0;doode/voyager - 1.x-dev;oakcms/oakcms - no_fix;codebois/qrcodeslibrary - v1.0.0;SS.Home - 1.0.33;zachleigh/laravel-colors - v0.3.1;3xw/cakephp-app - 3.5.0.0;craftcms/vue-asset - 1.0.0;digiwise/digirock - no_fix;pro-cms/voyager - 1.x-dev;chatfeed/yii2-vue-admin - no_fix;zijinhua/voyager - 1.x-dev;luna/tjwiringa-theme - no_fix;org.webjars.bower:vue:1.0.12;org.webjars.bower:vue:2.2.6;org.webjars.bower:vue:0.11.7;org.webjars.bower:vue:1.0.15;org.webjars.bower:vue:1.0.17;org.webjars.bower:vue:1.0.8;org.webjars.bower:vue:2.0.3;org.webjars.bowergithub.apache:incubator-echarts:4.2.1;org.webjars.bowergithub.apache:incubator-echarts:no_fix;org.webjars.bower:echarts:4.0.4;org.webjars.bower:echarts:5.3.3;org.webjars.bower:echarts:3.5.4;org.webjars.bower:echarts:3.7.1;org.webjars.npm:github-com-schmich-instascan:no_fix;org.webjars.npm:vue:2.3.0;org.webjars.bowergithub.vuejs:vue:2.3.0;org.webjars:vue:2.4.2;org.webjars.npm:github-com-vuejs-vue:2.3.3
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |