Abze

**Name of the Vulnerable Software and Affected Versions** Vuetify versions 2.0.0 through 2.x **Description** The issue arises from the improper neutralization of the `eventMoreText` property value in the `VCalendar` component, allowing unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) attack. The vulnerability occurs because the default Vuetify translator returns the translation key as the translation if it cannot find an actual translation. **Recommendations** For versions 2.0.0 through 2.x, as these versions are End-of-Life and will not receive updates, consider migrating to a supported version of Vuetify to address this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Express (affected versions not specified) **Description** A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.