Vulnerabilities/

QMarkdown Cross-Site Scripting (XSS) vulnerability

Severity:
Medium

Description

QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.

Recommendation

Update the @quasar/quasar-ui-qmarkdown package to the latest compatible version. Followings are version details:

References

Related Issues

Tags:
npm
@quasar/quasar-ui-qmarkdown
Anything's wrong? Let us know Last updated on April 21, 2025

This issue is available in SmartScanner Professional

See Pricing