Description
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-1366 | A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123. |
Github GHSA |
GHSA-2qjp-fg8c-g878 | vxe-table Cross-site Scripting vulnerability |
References
History
No history.
Subscriptions
No data.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2024-08-02T05:32:46.347Z
Reserved: 2023-02-24T07:41:53.294Z
Link: CVE-2023-1001
Updated: 2024-08-02T05:32:46.347Z
Status : Deferred
Published: 2024-05-24T06:15:07.797
Modified: 2026-06-17T05:26:51.847
Link: CVE-2023-1001
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD
Github GHSA