Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 5:31 p.m.6 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS5.9AI score0.00177EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/20 3:21 p.m.26 views

CVE-2026-56317 Nuxt - Cross-Site Scripting via NoScript Component Slot Content

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS0.00209EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/20 3:21 p.m.7 views

EUVD-2026-38112

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS5.7AI score0.00209EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.16 views

PT-2026-51143

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description A cross-site scripting issue exists in the NoScript component, which writes slot content to innerHTML without proper escaping. This allows attackers to inject malicious...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/16 11:38 p.m.12 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:nuxt is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the NoScript component when untrusted input is interpolated into its slot content. An attacker can inject malicious HTML or scripts by supplying specially crafted data that is...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 11:38 p.m.9 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the NoScript component when untrusted input is interpolated into its slot content. An attacker can inject malicious HTML or scripts by supplying specially crafted data that is rendered unescaped in the...

6.1CVSS6AI score0.00209EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/16 5:52 p.m.8 views

Cross-site Scripting (XSS)

Astro is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper HTML escaping of named slot content inserted into the data-astro-template attribute when using client: directives, which allows an attacker to break out of the attribute context and inject arbitrary HTML or...

7.1CVSS5.4AI score0.00177EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/11/19 8:0 p.m.4 views

GHSA-WRWG-2HG8-V723 Astro vulnerable to reflected XSS via the server islands feature

Summary After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. Details Server islands run in their own isolated context outside of the page reques...

7.1CVSS6.6AI score0.00446EPSS
Exploits1References4
Rows per page
Query Builder