GHSA-M3Q2-P4FW-W38M Cross-site scripting via <NoScript> slot content in Nuxt's head components
Impact Nuxt's globally registered component from @unhead/vue head components, re-exported by Nuxt wrote its default-slot content to the innerHTML of the head tag, bypassing the HTML escaping that interpolation normally applies in Vue templates. Applications that placed untrusted,...