CVE-2023-1001

LOW

vxe-table < 3.7.10 - Cross-Site Scripting via inputValue Argument in vxe-textarea

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-1001. PoCs published by xuliangzhan.

AI-analyzed exploit summary This repository appears to be a legitimate project for a Vue-based table component library (vxe-table) with no exploit code or vulnerability details. The files provided are primarily configuration, documentation, and template files for issue tracking and project setup.

Description

A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123.

Exploits (1)

gitee STUB 24 stars

by xuliangzhan · javascriptpoc

https://gitee.com/xuliangzhan_admin/vxe-table/tree/3.7.10

View Code ZIP pw:eip

This repository appears to be a legitimate project for a Vue-based table component library (vxe-table) with no exploit code or vulnerability details. The files provided are primarily configuration, documentation, and template files for issue tracking and project setup.

Classification

Stub 95%

Attack Type

Other

Complexity

N/a

Reliability

N/a

Target: N/A

No auth needed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 04, 2026 Full analysis →

References (5)

Core 5

Core References

Patch patch

https://gitee.com/xuliangzhan_admin/vxe-table/commit/d70b0e089740b65a22c89c106ebc4627ac48a22d

View Patch ZIP pw:eip

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.266123

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.266123

Issue Tracking issue-tracking

https://gitee.com/xuliangzhan_admin/vxe-table/issues/I8O21R

Various Sources patch

https://gitee.com/xuliangzhan_admin/vxe-table/tree/3.7.10

Scores

CVSS v3 3.5

EPSS 0.0014

EPSS Percentile 34.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (11)

npm/vxe-table 0 - 3.7.10npm

xuliangzhan/vxe-table 3.7.0

xuliangzhan/vxe-table 3.7.1

xuliangzhan/vxe-table 3.7.2

xuliangzhan/vxe-table 3.7.3

xuliangzhan/vxe-table 3.7.4

xuliangzhan/vxe-table 3.7.5

xuliangzhan/vxe-table 3.7.6

xuliangzhan/vxe-table 3.7.7

xuliangzhan/vxe-table 3.7.8

... and 1 more

Published May 24, 2024

Tracked Since Feb 18, 2026