Summary
Affected versions
All currently supported versions of nuxt that ship the <NoScript> global component.
Workarounds
Until you can upgrade:
- Do not interpolate untrusted input into <NoScript> slots. Replace <NoScript>{{ x }}</NoScript> with a static string, or sanitise / HTML-escape x at the source.
- If you must render dynamic noscript content, write the tag yourself via useHead({ noscript: [{ textContent: escapedValue }] }) after escaping escapedValue.
Credit
Reported to Anthropic's coordinated vulnerability disclosure pipeline by Claude (Anthropic's AI assistant) and triaged by the Anthropic security team. Reference: ANT-2026-4NJYDFFM.
Independently reported by @alcls01111 via GitHub's coordinated disclosure flow (GHSA-8grp-wcq9-925q), closed as a duplicate of this advisory.
Impact
Nuxt's globally registered <NoScript> component (from @unhead/vue head components, re-exported by Nuxt) wrote its default-slot content to the innerHTML of the <noscript> head tag, bypassing the HTML escaping that {{ }} interpolation normally applies in Vue templates.
Applications that placed untrusted, attacker-controllable data inside a <NoScript> slot, for example:
<NoScript>{{ route.query.banner }}</NoScript>
would emit that value unescaped inside <noscript> in the server-rendered HTML. With scripting enabled, the HTML parser treats <noscript> content in <head> under the "in head noscript" insertion mode: any tag other than link, meta, noframes, or style implicitly closes <noscript> and is re-processed in the head. A payload such as <script>...</script> therefore escapes the element and executes in the document context.
Sibling head components (<Style>, <Title>) were not affected because they already routed slot text through the safe textContent path.
Untrusted input is rendered as active markup in a victim's browser, which can run script in their session. Typical impact: session or credential theft, and actions taken as the user.
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Fixed in nuxt@4.4.7 (commit 4b054e9d) and backported to nuxt@3.21.7 (commit 7fea9fd6). The fix escapes <NoScript> slot content with escapeHtml from @vue/shared and writes it to textContent rather than innerHTML. Slot content is now rendered as text; intentional markup inside <NoScript> is no longer parsed as HTML.
Frequently Asked Questions
- What is GHSA-M3Q2-P4FW-W38M? GHSA-M3Q2-P4FW-W38M is a low-severity cross-site scripting (XSS) vulnerability in nuxt (npm), affecting versions >= 4.0.0, < 4.4.7. It is fixed in 4.4.7, 3.21.7. Untrusted input is rendered as active markup in a victim's browser, which can run script in their session.
- Which versions of nuxt are affected by GHSA-M3Q2-P4FW-W38M? nuxt (npm) versions >= 4.0.0, < 4.4.7 are affected.
- Is there a fix for GHSA-M3Q2-P4FW-W38M? Yes. GHSA-M3Q2-P4FW-W38M is fixed in 4.4.7, 3.21.7. Upgrade to this version or later.
- Is GHSA-M3Q2-P4FW-W38M exploitable, and should I be worried? Whether GHSA-M3Q2-P4FW-W38M is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
- What actually determines whether GHSA-M3Q2-P4FW-W38M is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix GHSA-M3Q2-P4FW-W38M? Upgrade nuxt to 4.4.7 or later, or upgrade nuxt to 3.21.7 or later.