6 matches found

Veracode
added 2024/08/06 6:54 a.m. · 8 views

Cross-Site Scripting (XSS)

nuxt is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the `javascript:` protocol in the navigateTo function, which fails to correctly parse and block malformed URLs due to improper usage of the unjs/ufo...

CVSS 6.3 · AI score 6.3 · EPSS 0.00411
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2024/08/05 8:35 p.m. · 77 views

CVE-2024-34343

Nuxt.js navigateTo is vulnerable to XSS due to faulty handling of the javascript: protocol. The issue stems from how Nuxt uses unjs/ufo for URL parsing: the sequence tests for a protocol, then parses with parseURL, but parsing javascript:alert(1) can return null/empty, and whitespace isn’t stripp...

CVSS 6.3 · AI score 6.4 · EPSS 0.00411
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2024/08/05 8:35 p.m. · 25 views

CVE-2024-34343 Cross-site Scripting (XSS) in navigateTo if used after SSR in nuxt

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to block the `javascript:` protocol, but does not correctly use APIs provided by unjs/ufo. This library also contains parsing discrepancies. The function first...

CVSS 6.3 · EPSS 0.00411
Exploits: 1 · References: 1
OSV
added 2024/08/05 7:49 p.m. · 2 views

GHSA-VF6R-87Q4-2VJF nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR

Summary: The navigateTo function attempts to block the `javascript:` protocol, but does not correctly use APIs provided by unjs/ufo. This library also contains parsing discrepancies. Details: The function first tests to see if the specified URL has a protocol. This uses the unjs/ufo package for URL...

CVSS 6.3 · AI score 5.9 · EPSS 0.00411
Exploits: 1 · References: 3
Github Security Blog
added 2024/08/05 7:49 p.m. · 18 views

nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR

Summary: The navigateTo function attempts to block the `javascript:` protocol, but does not correctly use APIs provided by unjs/ufo. This library also contains parsing discrepancies. Details: The function first tests to see if the specified URL has a protocol. This uses the unjs/ufo package for URL...

CVSS 6.3 · AI score 6.3 · EPSS 0.00411
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/08/05 12:0 a.m. · 4 views

PT-2024-25800 · Unjs/Ufo +1

Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 3.12.4 Description: The navigateTo function does not correctly use APIs provided by unjs/ufo, leading to parsing discrepancies. The function first checks if a URL has a protocol using the unjs/ufo package, which works...

CVSS 6.3 · AI score 6.4 · EPSS 0.00411
Exploits: 1 · References: 7