{"vulnerability": "CVE-2026-53722", "sightings": [{"uuid": "fd8931aa-1c36-4ebd-9ea5-9bd07de6a5c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53722", "type": "seen", "source": "https://gist.github.com/alon710/aedd4394e8d823981bff81789fa6dc8a", "content": "# CVE-2026-53722: Reflected DOM-based Cross-Site Scripting (XSS) in Nuxt\n\n> **CVSS Score:** 5.4\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/CVE-2026-53722\n\n## Summary\nA reflected DOM-based Cross-Site Scripting (XSS) vulnerability was identified in Nuxt's core  component. Prior to the patched versions, the component failed to validate or sanitize the target URI schemes before directly rendering them into the 'href' attribute of native HTML anchor elements. An attacker who controls the input bound to the 'to' or 'href' properties can inject executable URI schemes, such as 'javascript:' or 'data:', leading to arbitrary script execution in the context of the user's browser session.\n\n## TL;DR\nNuxt `` components prior to versions 3.21.7 and 4.4.7 fail to sanitize URL schemes, enabling DOM-based XSS when binding untrusted, attacker-controlled navigation targets.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-79\n- **Attack Vector**: Network\n- **CVSS Score**: 5.4 (Medium)\n- **EPSS Score**: 0.00198\n- **Impact**: Reflected DOM-based Cross-Site Scripting (XSS)\n- **Exploit Status**: Proof-of-Concept (PoC)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Nuxt Framework v3 (before version 3.21.7)\n- Nuxt Framework v4 (before version 4.4.7)\n- **Nuxt**: < 3.21.7 (Fixed in: `3.21.7`)\n- **Nuxt**: >= 4.0.0, < 4.4.7 (Fixed in: `4.4.7`)\n\n## Mitigation\n\n- Upgrade the Nuxt framework to a non-vulnerable version.\n- Enforce strict URI validation on user-controlled redirect targets before routing.\n- Implement a robust Content Security Policy (CSP) restricting execution of inline scripts.\n\n**Remediation Steps:**\n1. Open your package management configuration file (package.json).\n2. Locate the 'nuxt' dependency entry.\n3. Update the version definition to '^3.21.7' for Nuxt v3 projects or '^4.4.7' for Nuxt v4 projects.\n4. Execute your package manager upgrade command (e.g., 'npm install', 'yarn install', or 'pnpm install') to retrieve and link the updated package assets.\n5. Deploy the updated application to production environments and verify that the 'sanitizeExternalHref' logic blocks any 'javascript:' injection attempts.\n\n## References\n\n- [Nuxt Security Advisory GHSA-934w-87qh-qr26](https://github.com/nuxt/nuxt/security/advisories/GHSA-934w-87qh-qr26)\n- [CVE-2026-53722 Official Record](https://www.cve.org/CVERecord?id=CVE-2026-53722)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53722) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T14:21:22.000000Z"}]}