5 matches found
Cross-site Scripting (XSS)
Overview beautiful-mermaid is a Render Mermaid diagrams as beautiful SVGs or ASCII art. Ultra-fast, fully themeable, zero DOM dependencies. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the interpolation of user-controlled values from style and classDef directiv...
CVE-2026-26226
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...
CVE-2026-26226
The CVE-2026-26226 issue affects beautiful-mermaid versions prior to 0.1.3, where user-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without proper escaping. This enables SVG attribute injection that can lead to cross-site scripting (XSS) ...
CVE-2026-26226 beautiful-mermaid < 0.1.3 SVG Attribute Injection
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...
beautiful-mermaid 跨站脚本漏洞
Beautiful-Mermaid is a visualization AI assistant tool developed by Craft Docs. Versions of Beautiful-Mermaid prior to 0.1.3 had a cross-site scripting vulnerability. This vulnerability stemmed from an SVG attribute injection issue, which could lead to cross-site scripting attacks when rendering...