Cross-site Scripting (XSS) - Generic in nuxt/framework
CVE-2023-0878

6.1MEDIUM

Key Information:

Vendor

Nuxt

Status
Nuxt/framework
Vendor
CVE Published:
17 February 2023

What is CVE-2023-0878?

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.

Affected Version(s)

nuxt/framework < 3.2.1

References

https://huntr.dev/bounties/a892caf7-b8c2-4638-8cee-eb779d...
https://github.com/nuxt/framework/commit/7aa35ff958eec0c7...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.