element-plus CVE Vulnerabilities & CVE List (2)

Products (CPE): — CVEs: 2

element-plus vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to element-plus, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 12 of 2 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-57665 Element Plus Link component (el-link) through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol validation, URL sanitization, or security headers. This allows attackers to inject malicious URLs using dangerous protocols (javascript:, data:, file:) or redirect users to external malicious sites. Wh [email protected] 6.4 0.21% 2025-09-09 2026-06-17
CVE-2022-27103 element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. [email protected] 6.1 0.85% 2022-04-25 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence