CVE-2026-34405
Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
nuxt-modules · og-image¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →