Home

Description

Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which execute in the document context when the noscript tag is implicitly closed by script tags.

PUBLISHED Reserved 2026-06-20 | Published 2026-06-20 | Updated 2026-06-24 | Assigner VulnCheck




LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
unaffected

4.0.0 (semver) before 4.4.7
affected

4.4.7 (semver)
unaffected

Default status
unaffected

Any version before 3.21.7
affected

3.21.7 (semver)
unaffected

Credits

alcls01111 reporter

References

github.com/nuxt/nuxt/security/advisories/GHSA-m3q2-p4fw-w38m (GHSA Advisory GHSA-m3q2-p4fw-w38m) vendor-advisory

github.com/...ommit/4b054e9d95f8daf366cb144b52782047c511a66e patch

github.com/...ommit/7fea9fd687f1dacbfb63db5fae5839896b017a0e patch

www.vulncheck.com/...ing-via-noscript-component-slot-content (VulnCheck Advisory: Nuxt - Cross-Site Scripting via NoScript Component Slot Content) third-party-advisory

cve.org (CVE-2026-56317)

nvd.nist.gov (CVE-2026-56317)

Download JSON