PT-2024-11932 · Xuliangzhan · Vxe-Table
I8O21Rxuliangzhan
·
Published
2024-05-24
·
Updated
2026-03-21
·
CVE-2023-1001
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
xuliangzhan vxe-table versions up to 3.7.9
Description
A problematic issue has been found in the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument
inputValue leads to cross-site scripting. The attack may be initiated remotely.Recommendations
For versions up to 3.7.9, upgrade to version 3.7.10 to address this issue. As a temporary workaround, consider restricting the use of the
inputValue argument in the affected component until the upgrade is applied.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vxe-Table