CVE-2022-4414

CVE-2022-4414 is a DOM-based XSS in Nuxt.js / nuxt/framework prior to v3.0.0-rc.13. The issue stems from the _getPayloadURL path, where URL parsing and host/params checks can be bypassed, enabling a crafted URL to execute injected JavaScript on prerendered sites. Public details consistently descr...

CVE-2022-4413

The CVE-2022-4413 issue concerns the Nuxt.js framework (nuxt/framework) prior to version 3.0.0-rc.13, where a reflected XSS vulnerability exists in the handling of error/stack traces. The root cause is unsafe rendering of stack traces (via v-html/$stack) in error templates, allowing an attacker t...