CVE-2025-43954
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Apr 20, 2025
Updated: Apr 30, 2025
CWE ID 79
Summary
CVE-2025-43954 is a vulnerability affecting QMarkdown, also known as quasar-ui-qmarkdown, prior to version 2.0.5. This issue enables Cross-Site Scripting (XSS) attacks even when the 'no-html' setting is activated. Attackers can inject malicious scripts into headers, bypassing the security measure and potentially executing malicious code on unsuspecting users. This vulnerability poses a significant risk to applications using QMarkdown and highlights the importance of keeping software up-to-date to protect against known security threats.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Quasar