{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34405", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-27T13:45:29.620Z", "datePublished": "2026-03-31T21:16:24.918Z", "dateUpdated": "2026-04-01T18:43:23.097Z"}, "containers": {"cna": {"title": "Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nuxt-modules/og-image/security/advisories/GHSA-mg36-wvcr-m75h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nuxt-modules/og-image/security/advisories/GHSA-mg36-wvcr-m75h"}], "affected": [{"vendor": "nuxt-modules", "product": "og-image", "versions": [{"version": "< 6.2.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T21:16:24.918Z"}, "descriptions": [{"lang": "en", "value": "Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image\u2011generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5."}], "source": {"advisory": "GHSA-mg36-wvcr-m75h", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:43:12.726823Z", "id": "CVE-2026-34405", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:43:23.097Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34405", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T18:43:12.726823Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:43:18.343Z"}}], "cna": {"title": "Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes", "source": {"advisory": "GHSA-mg36-wvcr-m75h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "nuxt-modules", "product": "og-image", "versions": [{"status": "affected", "version": "< 6.2.5"}]}], "references": [{"url": "https://github.com/nuxt-modules/og-image/security/advisories/GHSA-mg36-wvcr-m75h", "name": "https://github.com/nuxt-modules/og-image/security/advisories/GHSA-mg36-wvcr-m75h", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image\u2011generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T21:16:24.918Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34405", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:43:23.097Z", "dateReserved": "2026-03-27T13:45:29.620Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T21:16:24.918Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nuxt:og_image:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "4C6B8532-3E90-4B23-8869-FB392D2BF6DD", "versionEndExcluding": "6.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image\u2011generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5."}], "id": "CVE-2026-34405", "lastModified": "2026-04-13T15:17:23.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T22:16:18.813", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/nuxt-modules/og-image/security/advisories/GHSA-mg36-wvcr-m75h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.2.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "og-image", "source": "cna", "vendor": "nuxt-modules"}, "product": "og-image", "vendor": "nuxt-modules"}], "analysis": {"en": {"generated_at": "2026-04-13T16:32:25.449202+00:00", "value": {"mitigation_remediation": ["Upgrade the Nuxt OG Image module to version 6.2.5 or later, which removes the injection point.", "Verify the upgrade by checking the module\u2019s version and testing the image endpoints for proper sanitization.", "If an immediate upgrade is not possible, restrict access to the /_og/d/ and /og-image/ URLs to trusted administrative users or apply an internal firewall rule to block external requests.", "Implement a strict Content Security Policy to mitigate the impact of any residual XSS attempts."], "summary": {"action": "Apply Patch", "impact": "Reflected Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "All installations of the Nuxt OG Image module from nuxt\u2011modules that use the og-image package and are running a release older than 6.2.5. The vulnerable endpoints are /_og/d/ and, in earlier releases, /og\u2011image/.", "description_and_impact": "Nuxt OG Image renders Open Graph images using Vue templates. Prior to version 6.2.5, the image\u2011generation route allows an attacker to inject arbitrary attributes into the HTML body through a crafted query string. This enables reflected Cross\u2011Site Scripting, which can be used to steal session data, deface pages, or execute arbitrary code in the context of the victim browser. The weakness is a classic reflected XSS flaw (CWE\u201179).", "risk_and_exploitability": "The vulnerability scores a moderate CVSS 6.1 and has a very low EPSS probability of less than 1\u202f%. It is not listed in CISA\u2019s KEV catalog, suggesting no confirmed public exploitation. Attackers can trigger the flaw by sending a specially crafted HTTP request to the exposed endpoints, which then reflects the malicious query into the generated HTML. Even though the impact is limited to the browser context, the ability to drop scripts poses significant threats in compromised user sessions."}}}}, "created": "2026-04-02T07:52:13.066553+00:00", "updated": "2026-04-14T16:42:13.975450+00:00", "vendors": ["nuxt-modules", "nuxt-modules$PRODUCT$og-image"]}