Summary
Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`
References
Related vulnerabilities
All Supply chain →- MEDIUMGHSA-HHPQ-7WG4-36JM
CakePHP Authentication: Open redirect weakness via backslash bypass
- HIGHGHSA-M9CV-24RX-8MV7
Filament: Disabled RichEditor field state can be used for XSS
- MEDIUMGHSA-J5R2-4C8J-XC3M
Gitea: Open Redirect via redirect_to
- HIGHGHSA-9CPJ-QC93-VW8V
Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer
- HIGHGHSA-V2QM-5WXJ-QHJ7
Open WebUI: Stored XSS to Account Takeover via Model Profile Images
- HIGHGHSA-V8QJ-HXV7-MGVV
Open WebUI: Stored XSS in Mermaid Markdown Preview