Cross-site Scripting (XSS)

Nuxt DevTools is vulnerable to Cross Site Scripting XSS. The vulnerability is due to a lack of proper input validation, where an attacker can inject malicious code and extract Nuxt auth tokens under certain configurations...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

@andor83/mother-may-i (>=1.0.1 <=1.0.10), @bloggrify/bento (>=0.9.1 <=1.0.0) +46 more potentially affected by CVE-2025-52662 via @nuxt/devtools (>=0.1.6 <=2.6.3)

@nuxt/devtools NPM version =0.1.6, =1.0.1, =0.9.1, =1.1.1, =1.0.1, =1.1.0, =0.0.4, =8.3.3, =1.1.1, =0.0.1, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.0.1, =0.0.3 and more Source cves: CVE-2025-52662 Source advisory: OSV:GHSA-XMQ3-Q5PM-RP26...

EUVD-2025-38187

Nuxt DevTools vulnerable to cross-site scripting XSS...

GHSA-XMQ3-Q5PM-RP26 Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade...

Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade...

@dargmuesli/nuxt-vio (>=16.0.5 <=18.3.14) potentially affected by CVE-2025-52662 via @nuxt/devtools (>=2.0.0 <=2.6.3)

@nuxt/devtools NPM version =2.0.0, =16.0.5, =18.3.14 Source cves: CVE-2025-52662 Source advisory: SNYK:JS-NUXTDEVTOOLS-13849298...

Cross-site Scripting (XSS)

Overview @nuxt/devtools is a Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of error messages on DevTools authentication page. An attacker can extract authentication tokens by tricking a user into interacting with maliciously crafted...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

CVE-2025-52662

Nuxt DevTools contains an XSS vulnerability that could allow extraction of authentication tokens under certain configurations. The issue has been fixed in version 2.6.4, and users are advised to upgrade to mitigate the risk. Affected component: Nuxt DevTools; nature: cross-site scripting on the a...

PT-2025-45398

Name of the Vulnerable Software and Affected Versions Nuxt DevTools versions prior to 2.6.4 Description A flaw exists in Nuxt DevTools that could allow the extraction of Nuxt authentication tokens through a cross-site scripting XSS attack, under specific configurations. Recommendations Update to...

Nuxt DevTools 安全漏洞

Nuxt DevTools is an open source set of visualization tools from Nuxt. A security vulnerability exists in Nuxt DevTools version 2.6.4 that stems from the possibility of extracting Nuxt authentication tokens via cross-site scripting under certain configurations...

Path Traversal

@nuxt/devtools is vulnerable to Path Traversal. The vulnerability is due to missing authentication on the getTextAssetContent RPC function and a lack of Origin checks on the WebSocket handler, allowing attackers to interact with a locally running devtools instance and exfiltrate data...

CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

Nuxt Devtools has a Path Traversal: '../filedir'

Summary Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this...