README.md

Vulnerable-VueJS

This is a repository to study attack surface of VueJS.

Many articles online talked about VueJS vulnerabilities in lengthy and wordly sentences with little example codes. Here, I aim to provide short and simple PoC codes for educational purpose.

Client-Side Vulnerabilities

All the PoCs documented here only require a browser.

1. Cross-Side Scripting (XSS)
2. Client-side Template Injection (CSTI)
3. URL Injection / Open Redirect
4. Style Injection

Server-side Vulnerabilities

Oops! VueJS is client-side front end language!

References:

• https://medium.com/@isaacwangethi30/vue-js-security-6e246a7613da
• https://github.com/azu/vue-client-side-template-injection-example