Filtered by vendor Vuejs
Subscriptions
Filtered by product Devtools
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5718 | 1 Vuejs | 1 Devtools | 2024-11-21 | 4.3 Medium |
| The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource. | ||||
Page 1 of 1.