Skip to content

neverendingsupport/nes-vuetify-cve-2025-1461

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src
src
 
 
.gitignore
.gitignore
 
 
.prettierrc
.prettierrc
 
 
README.md
README.md
 
 
index.html
index.html
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
vite.config.js
vite.config.js
 
 

Repository files navigation

Vuetify VCalendar XSS Vulnerability POC (CVE-2025-1461)

This repository contains a proof of concept demonstrating the XSS vulnerability in Vuetify's VCalendar component, specifically in the eventMoreText prop.

Vulnerability Details

  • CVE ID: CVE-2025-1461
  • Affected Versions: >=2.0.0 <3.0.0
  • Severity: Medium (4.6)
  • Category: Cross-Site Scripting (XSS)

Prerequisites

  • Node.js (v14-16)
  • npm

Installation

  1. Clone this repository:
git clone https://github.com/neverendingsupport/nes-vuetify-cve-2025-1461
cd nes-vuetify-pocs
  1. Install dependencies:
npm install

Running the POC

  1. Start the development server:
npm run dev
  1. Open your browser and navigate to http://localhost:3000

Understanding the Vulnerability

The POC demonstrates how malicious HTML/JavaScript can be injected through the eventMoreText prop of the VCalendar component. When there are more events than can be displayed, the calendar shows a "more events" link that can execute arbitrary JavaScript code.

Related Links

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages