VueJS

VueJS is an approachable, performant and versatile framework for building web user interfaces.

Client-Side Injection

// XSS Injection
Vue.createApp({
  template: `<div>` + userProvidedString + `</div>`
}).mount('#app')

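// v-html directive in a template
<div v-html="userProvidedHtml"></div>

// innerHTML set from a render function
h('div', { innerHTML: this.userProvidedHtml })

// innerHTML set from a render function with JSX
<div innerHTML={this.userProvidedHtml}></div>

// JavaScript protocol injection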
<a :href="userProvidedUrl">click me</a>

// CSS Injection
<h1 :style="userProvidedStyles">Title</h1>

Source: VueJS - Security

vue-router

Open redirect using ///
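
Added example (not from the Vue or vue-router documentation): one way to validate a user-provided value before binding it to :href or using it as a redirect target, covering the JavaScript protocol injection and the /// open redirect listed above. The function names, the https://app.example origin and the '#' and '/' fallbacks are assumptions; in a browser, pass window.location.origin as the origin.

```javascript
// Hypothetical helpers; names and default origin are assumptions for this example.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);

// Returns a normalized URL safe to bind to :href, or '#' if the scheme is not allow-listed.
function safeHref(userProvidedUrl, origin = 'https://app.example') {
  if (typeof userProvidedUrl !== 'string') return '#';
  let parsed;
  try {
    // The WHATWG URL parser normalizes the input the way a browser does:
    // surrounding whitespace is stripped and the scheme is lower-cased.
    parsed = new URL(userProvidedUrl, origin);
  } catch {
    return '#';
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : '#';
}

// Returns a same-origin path (path + query + hash) for a redirect, or the fallback.
function safeRedirectPath(target, origin = 'https://app.example', fallback = '/') {
  if (typeof target !== 'string') return fallback;
  let parsed;
  try {
    // For http(s) bases, '//host', '///host' and '/\host' all parse as a
    // different host, so they must be resolved before being compared.
    parsed = new URL(target, origin);
  } catch {
    return fallback;
  }
  if (parsed.origin !== origin) return fallback;
  const path = parsed.pathname + parsed.search + parsed.hash;
  // Dot-segment removal can leave a same-origin path that begins with '//';
  // re-used as a location, that would be read as protocol-relative.
  if (path.startsWith('//')) return fallback;
  return path;
}

// Constructed sample inputs
console.log(safeHref('javascript:alert(1)'));        // scheme not allow-listed
console.log(safeHref('https://example.com/a'));      // allowed
console.log(safeRedirectPath('///evil.example'));    // different origin
console.log(safeRedirectPath('/dashboard?tab=1'));   // same-origin path
```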