Lucene search
K

4 matches found

NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-53722

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...

5.4CVSS0.00198EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/12 3:13 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the NuxtLink href when attacker-controlled input is bound to the to or href properties. An attacker can execute arbitrary scripts in the context of the application by supplying a crafted javascript: or data:...

5.4CVSS5.3AI score0.00198EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 1:44 p.m.8 views

CVE-2026-53722 Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...

5.1CVSS4.8AI score0.00198EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/08/05 7:48 p.m.9 views

@aneoconsultingfr/armonik-docs-theme (>=0.6.4 <=0.6.13), @cssninja/nuxt-media-viewer (>=0.0.4 <=0.0.15) +14 more potentially affected by CVE-2024-23657 via @nuxt/devtools (>=0.1.6 <=1.3.7)

@nuxt/devtools NPM version =0.1.6, =0.6.4, =0.0.4, =8.3.3, =1.1.1, =0.0.1, =2.0.2, =0.2.5, =1.0.0, =0.0.1, =0.0.0-rc.29, =0.0.1, =2.0.0, =2.1.1 and more Source cves: CVE-2024-23657 Source advisory: OSV:GHSA-RCVG-RGF7-PPPV...

8.8CVSS7.4AI score0.01143EPSS
Exploits2
Rows per page
Query Builder