Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/23 12:30 a.m.9 views

EUVD-2026-38378

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect...

6.1CVSS5.9AI score0.00191EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/22 11:16 p.m.7 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the reloadNuxtApp function. An attacker can redirect users to attacker-controlled hosts by injecting protocol-relative paths such as //evil.com, potentially enabling phishing attacks or theft of OAuth authorization...

9.6CVSS5.9AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.22 views

CVE-2026-56697 Nuxt - Open Redirect via Protocol-Relative Paths in reloadNuxtApp

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect...

6.1CVSS0.00191EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.4 views

CVE-2026-56697

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect...

6.1CVSS5.9AI score0.00191EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/22 9:4 p.m.13 views

CVE-2026-56697

Nuxt security note: Nuxt versions 4.0.0–4.4.6 and 3.x before 3.21.7 are affected by an open redirect in the reloadNuxtApp function. Protocol-relative paths like //evil.com pass the script-protocol check but resolve to a cross-origin URL against the current page protocol, enabling attackers to red...

6.1CVSS5.9AI score0.00191EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51416

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.x prior to 3.21.7 Nuxt versions 4.0.0 through 4.4.6 Description The reloadNuxtApp function accepts protocol-relative paths, such as //evil.com. These paths bypass the script-protocol check and resolve to a cross-origin URL base...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/06/16 1:47 p.m.13 views

NPM: Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

NPM: Nuxt: URL-handling weaknesses in navigateTo and reloadNuxtApp: SSR open redirect, client-side script execution via the open option, and protocol-relative bypass in reloadNuxtApp vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...

6.1CVSS6AI score0.00205EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/06/16 1:47 p.m.10 views

GHSA-C9CV-MQ2M-PPP3 Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

Summary Three weaknesses in Nuxt's client-navigation URL handling, all reachable from documented public APIs navigateTo and reloadNuxtApp: 1. SSR open redirect in navigateTo via path-normalisation bypass. navigateTo decided whether a target was external by inspecting the raw input with...

5.1CVSS5.6AI score0.00234EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/16 1:47 p.m.10 views

Open Redirect

Overview org.webjars.npm:nuxt is a Affected versions of this package are vulnerable to Open Redirect via improper handling of URLs in the navigateTo function. An attacker can execute arbitrary scripts or redirect users to malicious sites by supplying crafted URLs that exploit path normalization a...

9.6CVSS6.1AI score0.00205EPSS
Exploits0References3
Rows per page
Query Builder