CVE-2025-54075 – Nuxtjs MDC Stored Cross-Site Scripting (Remote Script-Inclusion)

July 18, 2025

CVE ID : CVE-2025-54075

Published : July 18, 2025, 4:15 p.m. | 2 hours, 14 minutes ago

Description : MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a “ element. The “ tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and execute arbitrary JavaScript in the site’s context. Version 0.17.2 contains a fix for the issue.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53945 – Apko File Permission Vulnerability (Root Escalation)

Next Article CVE-2025-54059 – Melange SBOM Generation Permissions Vulnerability

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-54075 – Nuxtjs MDC Stored Cross-Site Scripting (Remote Script-Inclusion)

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Why you need a data backup plan for your Mac or PC – before disaster strikes

Best of 2025 | Hotel Operations Solution in Singapore

Microsoft admits issues in Windows 11 June 2025 Update with Print to PDF

Governance First, GenAI Next: How Indian CIOs Are Prioritizing AI

CVE-2025-23121 Remote Code Execution in Veeam

Microsoft might be sick of hearing “When is Windows 12 coming?” — but Windows 10’s death remains the hot topic for most users

CVE-2025-6668 – Code-projects Inventory Management System SQL Injection Vulnerability

CVE-2025-41647 – Siemens PLC Designer Password Disclosure Vulnerability

CVE-2025-54075 – Nuxtjs MDC Stored Cross-Site Scripting (Remote Script-Inclusion)

Related Posts