Og Image
Monthly
Nuxt OG Image versions prior to 6.2.5 allow cross-site scripting (XSS) attacks via arbitrary HTML attribute injection in the image-generation endpoint at /_og/d/, affecting any unauthenticated remote user who can craft a malicious URI. An attacker can inject attributes into the HTML page body to execute JavaScript in the context of users' browsers, compromising confidentiality and integrity without service disruption. No public exploit code or active exploitation has been confirmed at the time of analysis.
Nuxt OG Image versions prior to 6.2.5 are vulnerable to denial of service through unbounded image dimension parameters in the /_og/d/ endpoint. Attackers can specify arbitrarily large width and height values, causing the image-generation component to consume excessive CPU and memory resources, resulting in application unavailability. No authentication is required to exploit this vulnerability.
Nuxt OG Image versions prior to 6.2.5 allow cross-site scripting (XSS) attacks via arbitrary HTML attribute injection in the image-generation endpoint at /_og/d/, affecting any unauthenticated remote user who can craft a malicious URI. An attacker can inject attributes into the HTML page body to execute JavaScript in the context of users' browsers, compromising confidentiality and integrity without service disruption. No public exploit code or active exploitation has been confirmed at the time of analysis.
Nuxt OG Image versions prior to 6.2.5 are vulnerable to denial of service through unbounded image dimension parameters in the /_og/d/ endpoint. Attackers can specify arbitrarily large width and height values, causing the image-generation component to consume excessive CPU and memory resources, resulting in application unavailability. No authentication is required to exploit this vulnerability.