Vulnerability Description
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://gitee.com/xuliangzhan_admin/vxe-table/commit/d70b0e089740b65a22c89c106eb
- https://gitee.com/xuliangzhan_admin/vxe-table/issues/I8O21R
- https://gitee.com/xuliangzhan_admin/vxe-table/tree/3.7.10
- https://vuldb.com/?ctiid.266123
- https://vuldb.com/?id.266123
- https://gitee.com/xuliangzhan_admin/vxe-table/commit/d70b0e089740b65a22c89c106eb
- https://gitee.com/xuliangzhan_admin/vxe-table/issues/I8O21R
- https://gitee.com/xuliangzhan_admin/vxe-table/tree/3.7.10
- https://vuldb.com/?ctiid.266123
- https://vuldb.com/?id.266123
FAQ
What is CVE-2023-1001?
CVE-2023-1001 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the c...
How severe is CVE-2023-1001?
CVE-2023-1001 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1001?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.