How severe is CVE-2025-1461?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2025-1461?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-1461 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the default Vuetify translator will return the translation key as the translation, if it can't find an actual translation. This issue affects Vuetify versions greater than or equal to 2.0.0 and less than 3.0.0. Note: Version 2.x of Vuetify is End-of-Life and will not receive any updates to address this issue. For more information see here https://v2.vuetifyjs.com/en/about/eol/ .

Related Vulnerabilities

CVE-2016-8924

MEDIUM

CVSS:5.6(Medium)

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit thi...

CWE-792016

CVE-2021-3672

MEDIUM

CVSS:5.6(Medium)

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Dom...

CWE-792021

CVE-2022-3231

MEDIUM

CVSS:5.6(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.

CWE-792022

CVE-2024-0640

MEDIUM

CVSS:5.6(Medium)

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app...

CWE-792024

CVE-2025-1647

MEDIUM

CVSS:5.6(Medium)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before...

CWE-792025

CVE-2025-26158

MEDIUM

CVSS:5.6(Medium)

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to ex...

CWE-792025