Highkazupon

**Name of the Vulnerable Software and Affected Versions** Vue I18n versions 9.0.0 through 9.14.4 Vue I18n versions 10.0.0 through 10.0.7 Vue I18n versions 11.0.0 through 11.0.9 **Description** Vue I18n, an internationalization plugin for Vue.js, contains a flaw in the `escapeParameterHtml: true` option. This option is intended to prevent HTML/script injection, but fails to prevent the execution of tag-based payloads (such as `<img src=x onerror=...>`) when used with `v-html` in an HTML context. This can lead to a DOM-based Cross-Site Scripting (XSS) issue. **Recommendations** Update to Vue I18n version 9.14.5 or later. Update to Vue I18n version 10.0.8 or later. Update to Vue I18n version 11.1.0 or later.