CVE-2024-6783

ADVISORY - github

Summary

A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.

EPSS Score⁠: 0.00027 (0.058)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - github

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

1 year ago

UPDATED

9 months ago

ADVISORY IDCVE-2024-6783⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.8medium

GitHub

CREATED

1 year ago

UPDATED

11 months ago

ADVISORY IDGHSA-g3ch-rx76-35fx⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.2medium

GitLab

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CVE-2024-6783

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-79⁠CWE-937⁠

CVSS SCORE

4.8medium