Key Information Vulnerability Overview Vulnerability Type: XSS (Cross-Site Scripting) Description: Exploits Markdown rendering to bypass HTML filters, leading to remote script inclusion and stored XSS vulnerability. CVE ID: CVE-2025-54075 CVSS v3 Base Score: 8.3/10 Affected Scope Affected Version: 0.17.0 Impacted Applications: Any Nuxt project using to render user-controlled Markdown (e.g., blogs, CMS, documentation, comments). Vulnerability Details Affected File: Core Logic: The function checks for attributes starting with and blocks them. The or attributes are filtered via . However, all other attributes and tags—including —are not validated. As a result, malicious values on are never checked. Proof of Concept Insert the following into any Markdown processed by Nuxt MDC: Start the Nuxt application ( ) and access the page. The browser will then request and execute the returned JavaScript within the context of the vulnerable site. Impact and Consequences Type: Stored XSS via remote script inclusion Consequences: Full session hijacking of visitors, credential theft, defacement, phishing, CSRF, or any action executable via injected scripts. Recommended Actions 1. Disable or sanitize the tag in the renderer; the safest approach is to remove it entirely. 2. Restrict on to same-origin URLs only, and reject protocols (e.g., , , ) that do not match the current site’s origin. 3. Release a patched version and document the security fix. 4. Until patched, disable raw HTML in Markdown or use an external sanitizer (e.g., DOMPurify) with .