Intel

AIKIDO-2026-201376

@nuxtjs/mdc is vulnerable to Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS)GHSA-mxm6-v9r6-r94c Published 2 days ago

81

High Risk

This Affects:

JS@nuxtjs/mdc
0.1.0 - 0.22.0
Fixed in 0.22.1
Are you affected? Scan for Free

TL;DR

@nuxtjs/mdc renders untrusted markdown, including raw HTML, into a Vue component tree and relies on the validateProp sanitizer in props.ts as the only barrier against dangerous links. The sanitizer only scheme-checks attributes named href or src, so an SVG anchor xlink:href carrying a javascript: URL is passed through unvalidated. Its data:text/html deny-list is also compared against url.protocol (always data: for data URIs), making those entries dead code so data:text/html payloads are allowed through. An author of untrusted markdown can therefore execute arbitrary script in the page origin at the default configuration; the fix validates xlinkhref like href/src and compares the deny-list against the full url.href.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

@nuxtjs/mdc is vulnerable to Cross-Site Scripting (XSS) in versions 0.1.0 - 0.22.0.

How to fix this

Upgrade the @nuxtjs/mdc library to the patch version.