CVE-2024-52809

MEDIUM

Intlify Core-base < 9.14.2 - XSS

Title source: rule
STIX 2.1

Description

vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References (3)

Core 3

Scores

CVSS v4 5.3
EPSS 0.0013
EPSS Percentile 32.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (7)
intlify/core 9.3.0 - 9.14.2npm
intlify/core-base 9.3.0 - 9.14.2npm
intlify/vue-i18n < 9.14.2
intlify/vue-i18n >= 10.0.0, < 10.0.5
intlify/vue-i18n-core 9.3.0 - 9.14.2npm
npm/petite-vue-i18n 10.0.0 - 10.0.5npm
npm/vue-i18n 9.3.0 - 9.14.2npm
Published Nov 29, 2024
Tracked Since Feb 18, 2026