Описание
Nuxt DevTools vulnerable to cross-site scripting (XSS)
A vulnerability in Nuxt DevTools has been fixed in version 2.6.4*. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade.
Пакеты
Наименование
@nuxt/devtools
npm
Затронутые версииВерсия исправления
< 2.6.4
2.6.4
Связанные уязвимости
CVSS3: 6.9
nvd
3 месяца назад
A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools