Skip to main content

Nuxt CVE-2023-0878

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-02-17 security@huntr.dev
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 17, 2023 - 01:15 nvd
MEDIUM 6.1

DescriptionNVD

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.

AnalysisAI

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. Affected products include: Nuxt. Version information: prior to 3.2.1..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Nuxt

View all
CVE-2023-3224 CRITICAL POC
9.8 Jun 13

Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2024-34344 HIGH POC
8.8 Aug 05

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high seve

CVE-2024-23657 HIGH POC
8.8 Aug 05

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high seve

CVE-2024-42352 HIGH POC
7.5 Aug 05

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high seve

CVE-2024-34343 MEDIUM POC
6.1 Aug 05

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated medium se

CVE-2023-2138 CRITICAL
9.8 Apr 18

Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2. Rated critical severity (CVSS

CVE-2026-41248 CRITICAL
9.1 Apr 24

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @c

CVE-2026-53721 HIGH
8.8 Jun 12

Route-rule middleware bypass in Nuxt 3.11.0-3.21.6 and 4.0.0-4.4.6 allows remote attackers to evade routeRules-defined p

CVE-2025-27415 HIGH
7.5 Mar 19

Nuxt is an open-source web development framework for Vue.js. Rated high severity (CVSS 7.5), this vulnerability is remot

CVE-2025-59414 LOW POC
3.1 Sep 17

Nuxt is an open-source web development framework for Vue.js. Rated low severity (CVSS 3.1), this vulnerability is remote

CVE-2026-56301 MEDIUM
6.8 Jun 23

Nuxt's development server on Linux exposes an unprotected vite-node IPC server via a Linux abstract-namespace Unix socke

CVE-2026-49993 MEDIUM POC
5.9 Jun 12

Source code exfiltration in Nuxt's @nuxt/webpack-builder and @nuxt/rspack-builder (versions 3.15.4-3.21.6 and 4.0.0-alph

Share

CVE-2023-0878 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy