A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| vue-template-compiler(npm) | 2.0.0 | 3.0.0 | N/A |
CVSS Metrics
