Hawkeye64

**Name of the Vulnerable Software and Affected Versions** QMarkdown (aka quasar-ui-qmarkdown) versions prior to 2.0.5 **Description** The issue allows for XSS via headers, even when the no-html option is set. This could potentially lead to malicious script execution. **Recommendations** For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue. As a temporary workaround, consider disabling the use of headers in QMarkdown until a patch is available. Restrict access to QMarkdown to minimize the risk of exploitation. Avoid using QMarkdown with the no-html option set until the issue is resolved.