Medium
CVE-2025-43954
QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.
Tag: Quasar
All CVEs associated with "Quasar". Page 1/1 • 2 CVEs.
About “Quasar”
A curated feed of “Quasar”-related CVEs appears below. We currently track 2 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 6.7 (all time), and 50% are rated High/Critical (all time). Top CWEs (all time): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: quasar
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Premier Support | EOL | LTS |
|---|---|---|---|---|---|
| 2 | 2.19.3 | Unavailable | - | ||
| 1 | 1.22.10 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS (expired) · ICS
Subscribe CVEs: RSS for “Quasar” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-04-20
2023-11-04
High
CVE-2023-35910
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This is…