CVE-2026-53722
CVE-2026-53722 affects Nuxt.js prior to versions 3.21.7 and 4.4.7, where did not validate URL schemes bound to its to or href before rendering. Attacker-controlled input (query parameters, CMS fields, or user URLs) can be reflected into the href attribute, enabling reflected DOM-based XSS via ja...