Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) vue-i18n is an Internationalization plugin for Vue.js Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when performing translations with `escapeParameterHtml` set to true. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting malicious payloads into translation strings that are rendered using `v-html`, despite HTML escaping being enabled. How to fix Cross-site Scripting (XSS)? Upgrade `vue-i18n` to version 9.14.5, 10.0.8, 11.1.10 or higher.	<9.14.5>=10.0.0-alpha.1 <10.0.8>=11.0.0-beta.0 <11.1.10
H Prototype Pollution vue-i18n is an Internationalization plugin for Vue.js Affected versions of this package are vulnerable to Prototype Pollution through the `handleFlatJson` function due to improper input validation. An attacker can introduce or modify properties within the global prototype chain, potentially causing denial of service or escalating to execute arbitrary commands within the application's context if the polluted property interacts with sensitive Node.js APIs like `exec` or `eval`. How to fix Prototype Pollution? Upgrade `vue-i18n` to version 9.14.3, 10.0.6, 11.1.2 or higher.	>=9.1.0 <9.14.3>=10.0.0-alpha.1 <10.0.6>=11.0.0-beta.0 <11.1.2

Cross-site Scripting (XSS)

vue-i18n is an Internationalization plugin for Vue.js

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when performing translations with escapeParameterHtml set to true. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting malicious payloads into translation strings that are rendered using v-html, despite HTML escaping being enabled.

How to fix Cross-site Scripting (XSS)?

Upgrade vue-i18n to version 9.14.5, 10.0.8, 11.1.10 or higher.

<9.14.5>=10.0.0-alpha.1 <10.0.8>=11.0.0-beta.0 <11.1.10

Prototype Pollution

vue-i18n is an Internationalization plugin for Vue.js

Affected versions of this package are vulnerable to Prototype Pollution through the handleFlatJson function due to improper input validation. An attacker can introduce or modify properties within the global prototype chain, potentially causing denial of service or escalating to execute arbitrary commands within the application's context if the polluted property interacts with sensitive Node.js APIs like exec or eval.

How to fix Prototype Pollution?

Upgrade vue-i18n to version 9.14.3, 10.0.6, 11.1.2 or higher.

>=9.1.0 <9.14.3>=10.0.0-alpha.1 <10.0.6>=11.0.0-beta.0 <11.1.2

Go back to all versions of this package