Vozec

**Name of the Vulnerable Software and Affected Versions** @nuxtjs/mdc versions prior to 0.17.2 **Description** A remote script-inclusion / stored cross-site scripting issue exists in @nuxtjs/mdc. A Markdown author can inject a `<base href="https://attacker.tld">` element, which rewrites how relative URLs are resolved. This allows an attacker to load scripts, styles, or images from an external, attacker-controlled origin and execute arbitrary JavaScript in the site’s context. **Recommendations** Update @nuxtjs/mdc to version 0.17.2 or later.