CVE-2025-1461

216.73.216.6

· Published 28/05/2025 18:15 · Modified 29/05/2025 14:29

Labels: CVE-2025-1461 2025-05-28 36c7be3b-2937-45df-85ea-ca7133ea542c CVE-2025-1461 CWE-79

Essential information

Published: 28/05/2025 18:15
Modified: 29/05/2025 14:29
Author: —
Creator: —
CVSS: 5.6 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS metrics

Description

Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the default Vuetify translator will return the translation key as the translation, if it can't find an actual translation. This issue affects Vuetify versions greater than or equal to 2.0.0 and less than 3.0.0. Note: Version 2.x of Vuetify is End-of-Life and will not receive any updates to address this issue. For more information see here https://v2.vuetifyjs.com/en/about/eol/ .

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 36c7be3b-2937-45df-85ea-ca7133ea542c
NVD: View on NVD

Affected products (CPE)

Product	CPE
vuetify / vuetify	`cpe:2.3:a:vuetify:vuetify:2.0.0-3.0.0:::::::*`