Nuxt · Nuxt · CVE-2026-53722
**Name of the Vulnerable Software and Affected Versions**
Nuxt versions prior to 3.21.7
Nuxt versions prior to 4.4.7
**Description**
The `<NuxtLink>` component does not validate the URL scheme of values bound to its `to` or `href` props before rendering them into the `href` attribute of the underlying `<a>` element. If an application binds attacker-controlled input to these props, an attacker can supply a `javascript:` or `vbscript:` URL. When a user clicks the link, the script executes in the application's origin, resulting in reflected DOM-based cross-site scripting (XSS): script execution in the user's browser caused by the application's failure to sanitize input. A `data:text/html,...` payload can additionally be used to create a same-tab phishing surface. The issue also affects applications that re-bind the `href` and `route.href` props from the component's custom slot to their own anchors.
**Recommendations**
Update to version 3.21.7 or later.
Update to version 4.4.7 or later.
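Applications that bind untrusted strings to `to` or `href` can also apply a scheme allowlist before the value reaches `<NuxtLink>`, as defense in depth alongside the update. The following is an added example, not code from the Nuxt project or its fix; `safeLinkTarget`, `ALLOWED_SCHEMES`, `BASE` and the chosen allowlist are assumptions.

```javascript
// Added example: scheme allowlist for strings bound to <NuxtLink> `to` / `href`.
// safeLinkTarget, ALLOWED_SCHEMES and BASE are hypothetical names, not Nuxt APIs.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']); // assumed policy
const BASE = 'https://app.invalid'; // placeholder origin, only used to resolve relative input

function safeLinkTarget(input, fallback = '/') {
  // Only string targets are handled; anything else gets the fallback.
  if (typeof input !== 'string') return fallback;
  let url;
  try {
    // The WHATWG parser strips leading control characters and spaces, drops
    // embedded tab/CR/LF and lower-cases the scheme, as a browser does, so
    // " JaVa\tScRiPt:" is recognised as "javascript:".
    url = new URL(input, BASE);
  } catch {
    return fallback; // unparseable input is never rendered
  }
  // Reject javascript:, vbscript:, data: and every other scheme not listed.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return fallback;
  // Input that resolved against BASE was relative: return a normalised path.
  if (url.origin === new URL(BASE).origin) {
    return url.pathname + url.search + url.hash;
  }
  return url.href; // absolute URL with an allowed scheme, normalised
}

// Constructed sample inputs (not from the advisory) and the value that would be bound.
const SAMPLES = [
  '/profile?tab=1#top',
  'https://example.com/docs',
  'javascript:alert(1)',
  ' JaVa\tScRiPt:alert(1)',
  'vbscript:msgbox(1)',
  'data:text/html,<h1>Sign in</h1>',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', safeLinkTarget(s));
}
```

The same check applies to `href` and `route.href` values taken from the custom slot before they are bound to an application's own anchors.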