585 matches found
DEBIAN-CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
Cross site request forgery (csrf)
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
UBUNTU-CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
CVE-2022-31108
Summary of CVE-2022-31108 (mermaid.js) : The vulnerability allows an attacker to inject arbitrary CSS into the generated graph, enabling styling changes to elements outside the SVG and potential information disclosure via CSS selectors that trigger HTTP requests. The issue is tied to how user inp...
CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
Mermaid 跨站脚本漏洞
Mermaid is a software application. Create charts and visualizations using text and code. A cross-site scripting vulnerability exists in Mermaid versions prior to 9.1.3, which stems from the fact that whenever there is an actual match, the browser issues an http request to load a background image,...
The vulnerability of the Mermaid software tool, a git-based programming platform for collaborative code development on GitLab, allows a perpetrator to compromise data integrity.
The vulnerability of Mermaid, a software platform based on Git for collaborative code development on GitLab, is related to insufficient filtering of Markdown. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
CVE-2022-24123
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...
CVE-2022-24123
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...
CVE-2022-24123
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...
CVE-2022-24123
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...
Cross-site Scripting (XSS) - Reflected in mermaid-js/mermaid-live-editor
Description There is a reflected XSS vulnerability in Mermaid v8.13.9 Live Editor. It is fixed in Mermaid develop Branch - Proof of Concept Open following link: \ \ \ \ Or copy & paste following in Mermaid v8.13.9 Live Editor: classDiagram class Duck +String beakColor +swim +quack Impact Execute...
Cross-site Scripting (XSS)
mermaid is vulnerable to cross-site scripting. The vulnerability exists in the sanitizeUrl function in the svgDraw.js, allowing an attacker to inject and execute malicious javascript through the malicious diagrams...
GHSA-P3RP-VMJ9-GV6V Incorrect sanitisation function leads to `XSS` in mermaid
Impact Malicious diagrams can contain javascript code that can be run at diagram readers machines. Patches The users should upgrade to version 8.13.8 Workarounds You need to upgrade in order to avoid this issue...
3d-emoji (>=2.1.0 <=2.3.0), 6thbridge-hexa-docs (=0.0.1) +3204 more potentially affected by CVE-2021-43861 via mermaid (>=0.2.16 <=8.13.4)
mermaid NPM version =0.2.16, =2.1.0, =0.1.0, =1.4.8, =0.1.0, =0.0.1, =0.18.0-beta.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.3, =2.13.43, =2.13.43, =2.13.94 and more Source cves: CVE-2021-43861 Source advisory: OSV:GHSA-P3RP-VMJ9-GV6V...
Incorrect sanitisation function leads to `XSS` in mermaid
Impact Malicious diagrams can contain javascript code that can be run at diagram readers machines. Patches The users should upgrade to version 8.13.8 Workarounds You need to upgrade in order to avoid this issue...
CVE-2021-43861
Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 t...