vxe-table@3.0.0-beta.7 vulnerabilities

一个基于 vue 的 PC 端表格组件,支持增删改查、虚拟树、列拖拽,懒加载、快捷菜单、数据校验、树形结构、打印导出、自定义模板、渲染器、JSON 配置式...

  • latest version

    4.6.25

  • latest non vulnerable version

  • first published

    5 years ago

  • latest version published

    20 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the vxe-table package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    vxe-table is a 一个基于 vue 的 PC 端表格组件,支持增删改查、虚拟树、列拖拽,懒加载、快捷菜单、数据校验、树形结构、打印导出、自定义模板、渲染器、JSON 配置式...

    Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the export function. An attacker can inject malicious scripts by manipulating the inputValue argument.

    How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

    Upgrade vxe-table to version 3.8.5 or higher.

    <3.8.5