CVE-2026-53722

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...

CVE-2026-53722 Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...

@aneoconsultingfr/armonik-docs-theme (>=0.6.4 <=0.6.13), @cssninja/nuxt-media-viewer (>=0.0.4 <=0.0.15) +14 more potentially affected by CVE-2024-23657 via @nuxt/devtools (>=0.1.6 <=1.3.7)

@nuxt/devtools NPM version =0.1.6, =0.6.4, =0.0.4, =8.3.3, =1.1.1, =0.0.1, =2.0.2, =0.2.5, =1.0.0, =0.0.1, =0.0.0-rc.29, =0.0.1, =2.0.0, =2.1.1 and more Source cves: CVE-2024-23657 Source advisory: OSV:GHSA-RCVG-RGF7-PPPV...