npm package
element-plus
pkg:npm/element-plus
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-57665 | — | <= 2.11.0 | — | Sep 9, 2025 | Element Plus Link component (el-link) through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor element | ||
| CVE-2022-27103 | — | < 2.0.6 | 2.0.6 | Apr 25, 2022 | element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. |
- CVE-2025-57665Sep 9, 2025affected <= 2.11.0
Element Plus Link component (el-link) through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor element
- CVE-2022-27103Apr 25, 2022affected < 2.0.6fixed 2.0.6
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.