vxe-table@2.0.20 vulnerabilities

一个基于 vue 的 PC 端表格组件,支持增删改查、虚拟树、列拖拽,懒加载、快捷菜单、数据校验、树形结构、打印、导入导出、自定义模板、渲染器、JSON 配置式...

Direct Vulnerabilities

Known vulnerabilities in the vxe-table package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

vxe-table is a 一个基于 vue 的 PC 端表格组件,支持增删改查、虚拟树、列拖拽,懒加载、快捷菜单、数据校验、树形结构、打印导出、自定义模板、渲染器、JSON 配置式...

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the export function. An attacker can inject malicious scripts by manipulating the inputValue argument.

How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

Upgrade vxe-table to version 3.8.5 or higher.

<3.8.5