Element Plus Link Component Open Redirect Vulnerability

Vulnerability

A vulnerability in the Element Plus Link component (el-link) in versions through 2.10.6 allows open redirect attacks. The issue arises from inadequate validation of the href attribute: the component does not sanitize the URL or validate its protocol before rendering it in an anchor element, so an untrusted href value can be injected and used to redirect users to harmful sites. As a result, an application that passes user-controlled URLs to the component could have its users redirected to external malicious sites, creating a risk of phishing attacks or other harmful interactions.

Impact

Exploitation of this vulnerability allows for open redirect attacks, where users are redirected to malicious sites, potentially leading to phishing or other harmful outcomes.

Reproduction

To reproduce this vulnerability, use the Element Plus Link component and provide a user-controlled or untrusted URL as the href attribute. The injected URL can include harmful protocols like javascript:, data:, or file:. Once the link is clicked, the application will redirect to the specified URL, demonstrating the open redirect vulnerability.

Remediation

Users can update to Element Plus version 2.11.2, where this vulnerability has been addressed.
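Until the upgrade is rolled out, the application-side mitigation is to validate any user-controlled value before binding it to the component's href. The following is an added example written for this advisory, not code from Element Plus or from its fix; it uses the platform URL parser (which normalizes case and strips embedded tab and newline characters, so obfuscated schemes are caught) and allows only http(s) links, keeping relative links on the current origin and absolute links only to an allowlist of hosts. The placeholder origin, the sanitizeHref name and the allowedHosts option are assumptions of this example.

```javascript
// Added example: validate an href before it reaches <el-link :href="...">.
// Not part of Element Plus; the names below are this example's own.

// Only these schemes are ever emitted. javascript:, data:, file:, vbscript:
// and anything else fall through to the fallback value.
const SAFE_PROTOCOLS = new Set(['http:', 'https:']);

// Constructed placeholder, used solely to resolve relative hrefs. It never
// appears in the returned value; a relative link is returned as path+query+hash.
const PLACEHOLDER_ORIGIN = 'https://placeholder.invalid';

/**
 * Returns a safe href derived from `raw`, or `fallback` when the value is
 * not a string, does not parse, uses a disallowed scheme, or points at an
 * absolute host that is not in `allowedHosts`.
 */
function sanitizeHref(raw, { allowedHosts = [], fallback = '#' } = {}) {
  if (typeof raw !== 'string') return fallback;
  const candidate = raw.trim();
  if (candidate === '') return fallback;

  let parsed;
  try {
    // Relative values resolve against the placeholder; absolute ones keep
    // their own origin. The parser also lowercases the scheme and removes
    // ASCII tab/newline, so "Java\tscript:" still ends up as "javascript:".
    parsed = new URL(candidate, PLACEHOLDER_ORIGIN);
  } catch {
    return fallback; // unparseable input is never rendered
  }

  if (!SAFE_PROTOCOLS.has(parsed.protocol)) return fallback;

  if (parsed.origin === PLACEHOLDER_ORIGIN) {
    // Relative link: re-emit it without any host so it stays on this origin.
    // Protocol-relative input ("//evil.example/x") resolves to a different
    // origin and therefore does not take this branch.
    return parsed.pathname + parsed.search + parsed.hash;
  }

  // Absolute link: permit only explicitly trusted hosts.
  return allowedHosts.includes(parsed.hostname) ? parsed.href : fallback;
}

// In a Vue template the binding would read:
//   <el-link :href="sanitizeHref(userSuppliedUrl, { allowedHosts: ['docs.example'] })">
// so the raw user value never reaches the component's href attribute.
```

The allowlist is deliberately a host list rather than a pattern, since substring or prefix checks on URLs are a common source of bypasses; if the application has no legitimate external link targets, leave `allowedHosts` empty and only same-origin relative links will survive.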

Added: Sep 9, 2025, 7:17 PM
Updated: Sep 9, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 1.7
exploitability: 5.4
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.