Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56317

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-20 Jun, 2026 | 15:21
Updated At-20 Jun, 2026 | 15:21
Rejected At-
Credits

Nuxt - Cross-Site Scripting via NoScript Component Slot Content

Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which execute in the document context when the noscript tag is implicitly closed by script tags.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:20 Jun, 2026 | 15:21
Updated At:20 Jun, 2026 | 15:21
Rejected At:
▼CVE Numbering Authority (CNA)
Nuxt - Cross-Site Scripting via NoScript Component Slot Content

Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which execute in the document context when the noscript tag is implicitly closed by script tags.

Affected Products
Vendor
Nuxt
Product
Nuxt
Default Status
unaffected
Versions
Affected
  • From 4.0.0 before 4.4.7 (semver)
Unaffected
  • 4.4.7 (semver)
Vendor
Nuxt
Product
Nuxt
Default Status
unaffected
Versions
Affected
  • From 0 before 3.21.7 (semver)
Unaffected
  • 3.21.7 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
alcls01111
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nuxt/nuxt/security/advisories/GHSA-m3q2-p4fw-w38m
vendor-advisory
https://github.com/nuxt/nuxt/commit/4b054e9d95f8daf366cb144b52782047c511a66e
patch
https://github.com/nuxt/nuxt/commit/7fea9fd687f1dacbfb63db5fae5839896b017a0e
patch
https://www.vulncheck.com/advisories/nuxt-cross-site-scripting-via-noscript-component-slot-content
third-party-advisory
Hyperlink: https://github.com/nuxt/nuxt/security/advisories/GHSA-m3q2-p4fw-w38m
Resource:
vendor-advisory
Hyperlink: https://github.com/nuxt/nuxt/commit/4b054e9d95f8daf366cb144b52782047c511a66e
Resource:
patch
Hyperlink: https://github.com/nuxt/nuxt/commit/7fea9fd687f1dacbfb63db5fae5839896b017a0e
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/nuxt-cross-site-scripting-via-noscript-component-slot-content
Resource:
third-party-advisory
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:20 Jun, 2026 | 16:17
Updated At:22 Jun, 2026 | 21:14

Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which execute in the document context when the noscript tag is implicitly closed by script tags.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.3LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primarydisclosure@vulncheck.com
CWE ID: CWE-79
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/nuxt/nuxt/commit/4b054e9d95f8daf366cb144b52782047c511a66edisclosure@vulncheck.com
N/A
https://github.com/nuxt/nuxt/commit/7fea9fd687f1dacbfb63db5fae5839896b017a0edisclosure@vulncheck.com
N/A
https://github.com/nuxt/nuxt/security/advisories/GHSA-m3q2-p4fw-w38mdisclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/nuxt-cross-site-scripting-via-noscript-component-slot-contentdisclosure@vulncheck.com
N/A
Hyperlink: https://github.com/nuxt/nuxt/commit/4b054e9d95f8daf366cb144b52782047c511a66e
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/nuxt/nuxt/commit/7fea9fd687f1dacbfb63db5fae5839896b017a0e
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/nuxt/nuxt/security/advisories/GHSA-m3q2-p4fw-w38m
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/nuxt-cross-site-scripting-via-noscript-component-slot-content
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2026-56698
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 12.96%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 21:04
Updated-23 Jun, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuxt - Cross-Site Scripting via navigateTo open Option

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when user-controlled input is passed to navigateTo.

Action-Not Available
Vendor-Nuxt
Product-Nuxt
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-33168
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.52% / 39.81%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 23:01
Updated-16 Apr, 2026 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rails has a possible XSS vulnerability in its Action View tag helpers

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that allow users to specify custom HTML attributes are affected. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.

Action-Not Available
Vendor-Ruby on Rails
Product-actionview
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-42794
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-2.3||LOW
EPSS-0.28% / 19.73%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 15:42
Updated-21 May, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':js_escape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the query GET parameter before embedding it in an inline JavaScript string, but does not escape backslashes. An attacker can bypass the escaping by prefixing a quote with a backslash (e.g. \'), breaking out of the string context and executing arbitrary JavaScript in the victim's browser. This issue affects absinthe_plug: from 1.2.0 before 1.5.10.

Action-Not Available
Vendor-absinthe-graphqlabsinthe-graphql
Product-absinthe.plugabsinthe_plug
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-25299
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.56% / 42.02%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 19:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site scripting (XSS) in the real-time collaboration package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within the document. It can lead to unauthorized JavaScript code execution, which might happen with a very specific editor and token endpoint configuration. This vulnerability affects only installations with Real-time collaborative editing enabled. The problem has been recognized and patched. The fix is available in version 44.2.1 (and above). Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-ckeditor
Product-ckeditor5
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Details not found