CVE-2026-34405

Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes

Description

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5.

INFO

Published Date :

2026-03-31T21:16:24.918Z

Last Modified :

2026-04-01T18:43:23.097Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-34405 vulnerability.

Vendors	Products
Nuxt-modules	Og-image

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34405.

URL	Resource
https://github.com/nuxt-modules/og-image/security/advisories/GHSA-mg36-wvcr-m75h

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact