[Medium] CVE-2025-43954 – QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even whe...

Sun, 20 Apr 2025 19:15:43 +0000

Medium CVE-2025-43954

QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.

CVSS: 4.9 · CWE: CWE-79

[High] CVE-2023-35910 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti...

Sat, 04 Nov 2023 00:15:08 +0000

High CVE-2023-35910

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.

CVSS: 8.5 · CWE: CWE-89

View on NVD

CVE Daily – Quasar

[Medium] CVE-2025-43954 – QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even whe...

[High] CVE-2023-35910 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti...