Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc

Severity:: High

Description

An unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL.

Recommendation

Update the @nuxtjs/mdc package to the latest compatible version. Followings are version details:

Affected version(s): <= 0.13.2
Patched version(s): 0.13.3

References

GHSA-j82m-pc2v-2484
CVE-2025-24981
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering - CVE-2025-54075
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS) - CVE-2025-8101
md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) - CVE-2026-46492
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) - CVE-2025-27109

How to Secure your NodeJs Express Javascript Application - part 1

CSRF, XXE, and 12 Other Security Acronyms Explained

How do hackers hack websites?

Tags:: npm; @nuxtjs/mdc

Anything's wrong? Let us know Last updated on February 06, 2025