Unrated severityNVD Advisory· Published Oct 23, 2023· Updated Sep 11, 2024
CVE-2023-5718
CVE-2023-5718
Description
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage() API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: < 6.5.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.