CVE-2025-43954

Name of the Vulnerable Software and Affected Versions QMarkdown (aka quasar-ui-qmarkdown) versions prior to 2.0.5

Description The issue allows for XSS via headers, even when the no-html option is set. This could potentially lead to malicious script execution.

Recommendations For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue. As a temporary workaround, consider disabling the use of headers in QMarkdown until a patch is available. Restrict access to QMarkdown to minimize the risk of exploitation. Avoid using QMarkdown with the no-html option set until the issue is resolved.