WS-2018-0163
Good to know:
Date: August 29, 2017
The Vue.js project before version 2.4.3 has a possible cross-site scripting (XSS) vector.
Language: JS
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
Top Fix
Upgrade Version
Upgrade to version inetstudio/admin-panel - v1.5.65;inetstudio/admin-panel - dev-L-5.5;inetstudio/admin-panel - v1.5.67;inetstudio/admin-panel - dev-analysis-8nWKMG;inetstudio/admin-panel - v1.4.34;pixney/hjortron-theme - 1.4.02;pixney/hjortron-theme - 1.0.25;pixney/hjortron-theme - no_fix;novosga/novosga - dev-dependabot/composer/twig/twig-3.14.0;novosga/novosga - dev-dependabot/composer/twig/twig-2.14.11;novosga/novosga - dev-feature/novosga-v2.2;novosga/novosga - v2.0.7;novosga/novosga - dev-dependabot/composer/symfony/serializer-4.4.35;novosga/novosga - v0.5.1;novosga/novosga - dev-fix/394_deleted_priority;novosga/novosga - v2.0.0-RC1;novosga/novosga - v2.0.1;novosga/novosga - no_fix;alimranahmed/larablog - dev-dependabot/npm_and_yarn/vite-5.4.6;alimranahmed/larablog - dev-dependabot/composer/symfony/http-foundation-7.1.7;alimranahmed/larablog - dev-dependabot/npm_and_yarn/braces-3.0.3;alimranahmed/larablog - dev-dependabot/composer/spatie/image-optimizer-1.7.4;alimranahmed/larablog - dev-dependabot/composer/laravel/framework-8.75.0;alimranahmed/larablog - 4.1.0;alimranahmed/larablog - dev-174-upgrade-to-Laravel-11;alimranahmed/larablog - dev-main;alimranahmed/larablog - dev-dependabot/npm_and_yarn/rollup-4.22.4;alimranahmed/larablog - dev-dependabot/composer/league/commonmark-2.6.0;chabibnr/ayom - 2.x-dev;emohamed/form-kit - no_fix;emohamed/form-kit - v0.1.0;galloping-vijay/laravel-wjfcms - dev-dependabot/composer/laravel/framework-6.20.14;htmlburger/form-kit - v0.1.0;htmlburger/form-kit - no_fix;ddphp/webos - no_fix;timtoday/voyager-cn - no_fix;joomlatools/framework - dev-feature/274-finder;joomlatools/framework - dev-feature/277-range;joomlatools/framework - v3.4.3;joomlatools/framework - 3.4.x-dev;luzucheng59/voyager - v0.11.12;luzucheng59/voyager - 1.x-dev;visiosoft/base-theme - no_fix;streams/core - v1.1.0;streams/core - v1.2.0;streams/core - v1.6.1;streams/core - v1.4.132;streams/core - 1.6.x-dev;gabrieltakacs/voyager - 
dev-testing/test-mulitple-database-drivers;gabrieltakacs/voyager - v0.9.1;gabrieltakacs/voyager - dev-loginStylesAndPrimaryColor;windwalker/phoenix - dev-dependabot/npm_and_yarn/minimist-1.2.6;windwalker/phoenix - dev-dependabot/npm_and_yarn/ini-1.3.7;windwalker/phoenix - 1.4;windwalker/phoenix - dev-master;newicon/neon - v1.0.0;newicon/neon - dev-neilc-listObject-docblock;newicon/neon - dev-develop;oceing/backend - v1.0.4;oceing/backend - v3.1.1;oceing/backend - v3.1.6;oceing/backend - v5.0.1;oceing/backend - v5.0.3;oceing/backend - dev-laravel-8.x;oceing/backend - 2.x-dev;oceing/backend - dev-saas;oceing/backend - v3.0.2;oceing/backend - v1.0.2;oceing/backend - v3.1.3;hamzz/voyager - 1.x-dev;SS.Magazine - no_fix;yanev/laraadmin - no_fix;nooku/nooku-framework - dev-feature/70-buffer;nooku/nooku-framework - dev-feature/244-assets;openclassify/openclassify - dev-newcurrency;openclassify/openclassify - dev-moradi;openclassify/openclassify - dev-vedatakdogan;openclassify/openclassify - dev-queued-reset-password-email-link-issue;openclassify/openclassify - dev-mostafamoradi;openclassify/openclassify - dev-emrullahardc-patch-1;openclassify/openclassify - 3.10.x-dev;openclassify/openclassify - 4798.x-dev;openclassify/openclassify - dev-vedat;openclassify/openclassify - dev-muammertop_franch;openclassify/openclassify - dev-muammer2;openclassify/openclassify - dev-sezer;openclassify/openclassify - dev-l10n_master40;openclassify/openclassify - dev-4.0-mostafa;openclassify/openclassify - 2.0.30;openclassify/openclassify - dev-vue-compile;openclassify/openclassify - dev-muammer_alibaba;openclassify/openclassify - dev-master;openclassify/openclassify - dev-l10n_master32;openclassify/openclassify - dev-samettrans;openclassify/openclassify - dev-serdarekremcakir-patch-1;openclassify/openclassify - dev-l10n_master38;openclassify/openclassify - dev-l10n_master36;openclassify/openclassify - dev-gg-minor-changes;openclassify/openclassify - 
dev-fatihalp-patch-3;openclassify/openclassify - dev-revert-1341-srdr-curr;openclassify/openclassify - dev-docker;openclassify/openclassify - 4857.x-dev;openclassify/openclassify - 5881.x-dev;openclassify/openclassify - dev-img-carousel;openclassify/openclassify - dev-detached2;openclassify/openclassify - dev-vedatakd;openclassify/openclassify - dev-laravel-upgrade-10;openclassify/openclassify - dev-container-hotfix;bonnier/wp-bonnier-redirect - 4.0.0;bonnier/wp-bonnier-redirect - dev-Improve_willow_docker_local_setup;bonnier/wp-bonnier-redirect - v1.0.0;bonnier/wp-bonnier-redirect - 2.02;bonnier/wp-bonnier-redirect - dev-dependabot/composer/rmccue/requests-1.8.0;bonnier/wp-bonnier-redirect - dev-master;erenkucukersoftware/voyager - 1.x-dev;purepanel/streams-platform - v1.6.1;purepanel/streams-platform - v1.2.0;ibrand/backend - v.1.02;ibrand/backend - v1.0.0;ibrand/backend - no_fix;ibrand/backend - v3.2.1;ibrand/backend - v2.0.0;qsnh/meedu - v1.2.0;qsnh/meedu - dev-dependabot/composer/league/flysystem-1.1.4;qsnh/meedu - dev-dependabot/npm_and_yarn/path-parse-1.0.7;wutongwan/lego - 0.2.14;wutongwan/lego - 0.2.5;wutongwan/lego - 0.1.33;wutongwan/lego - 0.1.27;wutongwan/lego - 0.1.30;wutongwan/lego - 0.1.21.dev;wutongwan/lego - 0.2.x-dev;wutongwan/lego - dev-1.0-refactor;wutongwan/lego - 0.3.x-dev;wutongwan/lego - 0.1.44;wutongwan/lego - 1.0-beta.10;wutongwan/lego - 0.1.36;wutongwan/lego - dev-dependabot/npm_and_yarn/decode-uri-component-0.2.2;eugenec138/cakephp-utils - no_fix;eugenec138/cakephp-utils - v1.0.3;anhnn78/voyager - 1.x-dev;lisandrop05/voyager - 1.x-dev;guolifu/thunder - no_fix;mrcore/bootswatch-theme - no_fix;mrcore/bootswatch-theme - dev-vue;mrcore/bootswatch-theme - 5.8.1;mrcore/bootswatch-theme - 2.0.10;mrcore/bootswatch-theme - 5.8.0;idci/extra-form-bundle - dev-dependabot/npm_and_yarn/ini-1.3.7;idci/extra-form-bundle - v2.0.5;eshop_ibrand/backend - dev-feature/heng/COMMERCE-648-b-sendbird-notification-cou;eshop_ibrand/backend - 
dev-feature/heng/COMMERCE-718-b-the-tutorial-link-seem-be;eshop_ibrand/backend - v1.0.0;eshop_ibrand/backend - dev-bugfix/heng/COMMERCE-466-b-uiux-for-download-tutoria;dariob/cakephp-utils - v4.0.0;dariob/cakephp-utils - no_fix;dariob/cakephp-utils - v2.2.0;dariob/cakephp-utils - v1.0.0;ericvvc9/voyager - 1.x-dev;azuracast/azuracast - 0.8.0;wpzoom/social-icons-widget - dev-master;wpzoom/social-icons-widget - dev-wp58-fixes;wpzoom/social-icons-widget - 4.2.3;wpzoom/social-icons-widget - 4.2.0;fiedsch/ligaverwaltung-bundle - 0.3.0;littlerobinson/querybuilder-php - no_fix;SS.Home - no_fix;zhuitech/boot-admin - 1.2.x-dev;yangtaihua/streams-platform - v1.6.1;yangtaihua/streams-platform - v1.2.0;php300/framework - 2.2.0;php300/framework - 2.0;qobo/cakephp-utils - v2.0.0;qobo/cakephp-utils - v10.3.4;qobo/cakephp-utils - no_fix;qobo/cakephp-utils - v1.0.0;qobo/cakephp-utils - v3.0.0;qobo/cakephp-utils - v13.3.4;qobo/cakephp-utils - dev-allow-required-false-unique-true;qobo/cakephp-utils - v2.2.0;doitonlinemedia/admin - no_fix;phambinh/phambinhcms - no_fix;SS.Reward - 1.1.34-beta;itplato/phpanalysis - v3.0_release;hongyukeji/ebestmall-html - ebestmall-html;hongyukeji/ebestmall-html - no_fix;ahmadsyamim/voyager - 1.0.x-dev;artworx/omegacp - no_fix;ninjacn/voyager - 1.x-dev;larashuo/laracrud - no_fix;larashuo/laracrud - v1.0.0;vue - 2.2.2;vue - 2.4.3;eugenec137/cakephp-utils - no_fix;pixney/fiske-theme - v0.0.1-alpha;pixney/fiske-theme - 1.0.1;anomaly/streams-platform - v1.6.1;anomaly/streams-platform - 1.6.x-dev;anomaly/streams-platform - v1.2.0;anomaly/streams-platform - v1.1.0;SS.Shopping - no_fix;whb/wxyzadmin - no_fix;inhere/gearman - no_fix;littlerobinson/query-builder-bundle - v1.0;typerocket/laravel - v1.0.0-beta;typerocket/laravel - v2.1.3;typerocket/laravel - no_fix;typerocket/laravel - v2.2.2;hebrahimzadeh/voyager - 1.x-dev;3xw/cakephp-app - 3.7.0.0;3xw/cakephp-app - 3.7.0.1;3xw/cakephp-app - 4.1.0;romjkeeeen/fix-cms-core1 - no_fix;mblanch/inventory - 
dev-analysis-zE2xJG;mblanch/inventory - no_fix;mblanch/inventory - dev-analysis-X0bldx;cbidigital/voyager - 1.x-dev;wenkechen/voyager - 1.x-dev;itprism/prism-library - 1.21;nerio93/voyager - 1.x-dev;dwij/laraadmin - 1.0.1;griffyn/voyager - 1.x-dev;shah-newaz/redprint - 2.0.5;shah-newaz/redprint - 2.0.0;colee/yii2-vue - 1.0.3;colee/yii2-vue - 2.0.0;colee/yii2-vue - dev-dependabot/npm_and_yarn/assets/vue/karma-6.3.14;colee/yii2-vue - no_fix;vue - 2.4.3;SS.GovPublic - no_fix;jianyan74/rageframe - no_fix;pheye/voyager - v0.9.1;pheye/voyager - v0.11.0;sd25/extended-voyager - 1.x-dev;xtoyun/xtophp - 1.0.0;xtoyun/xtophp - no_fix;SS.Hits - 1.0.29;f24aalam/voyager-material - 1.x-dev;zzb.ocean.nuget.libs - no_fix;SS.Poll - 1.2.0-beta;SS.Login - no_fix;leo-unglaub/contao-vuejs - no_fix;ilhanet/erpnet-widget-resource - no_fix;luna/material-theme - no_fix;misma/laravel-mailpeek - no_fix;smohe1991/persian-voyager - dev-loginStylesAndPrimaryColor;smohe1991/persian-voyager - no_fix;smohe1991/persian-voyager - v0.9.1;smohe1991/persian-voyager - dev-testing/test-mulitple-database-drivers;webreinvent/vaahcms - 0.0.6;webreinvent/vaahcms - dev-feature/resolve-some-issue;webreinvent/vaahcms - dev-feature/database-export-and-import;foridom/backend - no_fix;foridom/backend - dev-master;xiaokus/voyager - ls;blazings.vuejs - no_fix;devuniverse/voyager - 1.x-dev;clumsy/utils - 0.8.0;Vue.js.Developers.Version - no_fix;oburatongoi/productivity - 0.0.13;oburatongoi/productivity - 0.3.26;nadminpanel/adminpanel - no_fix;SS.Payment - no_fix;luna/tjwiringa-theme - no_fix;pro-cms/voyager - 1.x-dev;SS.GovInteract - 1.0.36-beta;shjarah/voyager - 1.x-dev;zijinghua-dev/voyager - 1.x-dev;VueTemplate - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;heptacom/shopware-heptacom-amp - no_fix;notexpired/neapi - no_fix;zzhh9857/voyager - 1.0.x-dev;zzhh9857/voyager - v0.11.12;donglf681/backend - no_fix;zijinhua/voyager - 1.x-dev;craftcms/vue-asset - 1.0.0;tobyokeke/voyager - 
1.x-dev;pyrocms/accelerant-theme - no_fix;pyrocms/accelerant-theme - 1.0.x-dev;semisalov/fix-cms-core - no_fix;gabootsoft/gaboot - v0.2.4;sky9th/skycms - v2.1;codebois/qrcodeslibrary - v1.0.0;chatfeed/yii2-vue-admin - no_fix;wizclumsy/utils - 0.8.0;digiwise/digirock - no_fix;tcg/voyager - 1.x-dev;voyager-admin/voyager - 1.x-dev;dfz/dola - no_fix;quetzalarc/admin-gallery - no_fix;Webgamex.Comment - no_fix;doode/voyager - 1.x-dev;mrpk-dev/voyager - 1.x-dev;moxyrus/voyager - 1.x-dev;SS.Photo - 1.1.3-beta;devig/voyager - v1.0.0;trrtly/backend - no_fix;SS.Form - 2.0.1-beta;visiosoft/streams-platform - v1.2.0;visiosoft/streams-platform - v1.6.1;org.webjars.npm:github-com-vuejs-vue:2.4.4;org.webjars.bower:vue:2.2.6;org.webjars.bower:vue:2.3.4;org.webjars.bowergithub.vuejs:vue:2.3.0;org.webjars.npm:vue:2.5.2;org.webjars.npm:github-com-mescroll-mescroll:no_fix;org.webjars:vue:2.5.2
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |


