CNNVD-202509-1226 Information
CNNVD ID
CNNVD-202509-1226
Related CVE
- CNNVD Published: 2025-09-09
Description (Chinese)
Element Plus是中国Element Plus组织的一个开源 Vue.js 3 UI 库。 Element Plus 2.10.6及之前版本存在安全漏洞,该漏洞源于href属性输入验证不足,可能导致跨站脚本攻击和钓鱼攻击。
Description (English)
Element Plus is an open source of the Chinese organization Element Plus. Element Plus 2.10.6 and previous versions have a security loophole, which stems from inadequate validation of href properties and may lead to cross-site script and fishing attacks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Elgato
Published
2025-09-09
Last Modified
2026-02-24
References
https://github.com/element-plus/element-plus/blob/dev/packages/components/link/src/link.vue https://www.npmjs.com/package/element-plus https://element-plus.org/en-US/component/link.html https://github.com/element-plus/element-plus/pull/21711 https://access.redhat.com/security/cve/cve-2025-57665
Patch
https://github.com/element-plus/element-plus/releases
Share on: