CVE-2024-6783

EUVD-2024-2341
A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
vuejsvue
2.0.0 ≤
𝑥
≤ 2.7.16
ADP
Common Weakness Enumeration
References
https://www.herodevs.com/vulnerability-directory/cve-2024-6783
https://github.com/advisories/GHSA-g3ch-rx76-35fx
https://www.herodevs.com/vulnerability-directory/cve-2024-6783---vue-client-side-xss