Open Redirect

Nuxt is vulnerable to open redirect. The vulnerability is due to improper validation of path-normalized URLs in navigateTo, where specially crafted paths can bypass external-host checks after normalization, allowing attackers to redirect users to malicious websites and facilitate phishing attacks...

EUVD-2026-38379

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when...

CVE-2026-56698

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when...

CVE-2026-56698

Nuxt CVE-2026-56698 affects Nuxt 4.0.0–4.4.6 and 3.x up to 3.21.6 (versions before the fixed releases). The navigateTo open option fails to validate script-capable URLs, allowing attacker-controlled javascript: URLs to execute arbitrary scripts in the application's origin when user input is passe...

EUVD-2026-38375

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to...

GHSA-C9CV-MQ2M-PPP3 Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

Summary Three weaknesses in Nuxt's client-navigation URL handling, all reachable from documented public APIs navigateTo and reloadNuxtApp: 1. SSR open redirect in navigateTo via path-normalisation bypass. navigateTo decided whether a target was external by inspecting the raw input with...

Open Redirect

Overview org.webjars.npm:nuxt is a Affected versions of this package are vulnerable to Open Redirect via improper handling of URLs in the navigateTo function. An attacker can execute arbitrary scripts or redirect users to malicious sites by supplying crafted URLs that exploit path normalization a...

Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

Summary Three weaknesses in Nuxt's client-navigation URL handling, all reachable from documented public APIs navigateTo and reloadNuxtApp: 1. SSR open redirect in navigateTo via path-normalisation bypass. navigateTo decided whether a target was external by inspecting the raw input with...

NPM: Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

NPM: Nuxt: URL-handling weaknesses in navigateTo and reloadNuxtApp: SSR open redirect, client-side script execution via the open option, and protocol-relative bypass in reloadNuxtApp vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...

PT-2026-51413

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description Nuxt contains three security issues related to client-navigation URL handling via the navigateTo and reloadNuxtApp functions. First, a server-side open redirect exists in...

CVE-2026-45669

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

CVE-2026-45669 Nuxt: Reflected XSS in `navigateTo()` external redirect

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

CVE-2026-45669 Nuxt: Reflected XSS in `navigateTo()` external redirect

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the navigateTo function when handling external redirects in server-side rendering. An attacker can execute arbitrary HTML or JavaScript in the application's origin by supplying a crafted URL containing...

GHSA-FX6J-W5W5-H468 Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

NPM: Nuxt: Reflected XSS in `navigateTo()` external redirect

NPM: Nuxt: Reflected XSS in navigateTo external redirect vulnerability discovered by ? in WordPress Npm nuxt versions = 3.4.3, = 3.21.5...

EUVD-2024-2661

Malicious code in bioql PyPI...

Cross-Site Scripting (XSS)

nuxt is vulnerable to a Cross-site Scripting XSS. nuxt is vulnerable to a Cross-site Scripting XSS. The vulnerability is due to improper handling of the javascript: protocol in the navigateTo function, which fails to correctly parse and block malformed URLs due to improper usage of the unjs/ufo...

CVE-2024-34343 Cross-site Scripting (XSS) in navigateTo if used after SSR in nuxt

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies. The function first...

CVE-2024-34343

Nuxt.js navigateTo is vulnerable to XSS due to faulty handling of the javascript: protocol. The issue stems from how Nuxt uses unjs/ufo for URL parsing: the sequence tests for a protocol, then parses with parseURL, but parsing javascript:alert(1) can return null/empty, and whitespace isn’t stripp...