Search
Search Results (10 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52662 | 2 Nuxt, Vercel | 3 Devtools, Nuxt, Vercel | 2026-02-04 | 6.9 Medium |
| A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools | ||||
| CVE-2025-59414 | 1 Nuxt | 1 Nuxt | 2025-12-03 | 3.1 Low |
| Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. The vulnerability occurs in the client-side payload revival process (revive-payload.client.ts) where Nuxt Islands are automatically fetched when encountering serialized __nuxt_island objects. During prerendering, if an API endpoint returns user-controlled data containing a crafted __nuxt_island object, he data gets serialized with devalue.stringify and stored in the prerendered page. When a client navigates to the prerendered page, devalue.parse deserializes the payload. The Island reviver attempts to fetch /__nuxt_island/${key}.json where key could contain path traversal sequences. Update to Nuxt 3.19.0+ or 4.1.0+. | ||||
| CVE-2025-27415 | 1 Nuxt | 1 Nuxt | 2025-12-03 | 7.5 High |
| Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. An attacker can perform this attack to a vulnerable site in order to make a site unavailable indefinitely. It is also possible in the case where the cache will be reset to make a small script to send a request each X seconds (=caching duration) so that the cache is permanently poisoned making the site completely unavailable. This vulnerability is fixed in 3.16.0. | ||||
| CVE-2025-24361 | 1 Nuxt | 1 Nuxt | 2025-07-12 | 5.3 Medium |
| Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. By using `Function::toString` against the values in `window.webpackChunknuxt_app`, the attacker can get the source code. Version 3.15.13 of Nuxt patches this issue. | ||||
| CVE-2023-0878 | 1 Nuxt | 1 Nuxt | 2025-05-01 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. | ||||
| CVE-2022-4414 | 1 Nuxt | 1 Framework | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | ||||
| CVE-2022-4413 | 1 Nuxt | 1 Framework | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | ||||
| CVE-2023-3224 | 1 Nuxt | 1 Nuxt | 2025-01-03 | 9.8 Critical |
| Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | ||||
| CVE-2024-42352 | 1 Nuxt | 2 Icon, Nuxt | 2024-09-19 | 8.6 High |
| Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. The `new URL` constructor is used to parse the final path. This constructor can be passed a relative scheme or path in order to change the host the request is sent to. This constructor is also very tolerant of poorly formatted URLs. As a result we can pass a path prefixed with the string `http:`. This has the effect of changing the scheme to HTTP. We can then subsequently pass a new host, for example `http:127.0.0.1:8080`. This would allow us to send requests to a local server. This issue has been addressed in release version 1.4.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-34344 | 1 Nuxt | 1 Nuxt | 2024-08-06 | 8.8 High |
| Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts. | ||||
Page 1 of 1.