Lucene search
+L

585 matches found

OSV
OSV
added 2022/06/28 7:15 p.m.5 views

DEBIAN-CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.3AI score0.00869EPSS
Exploits1References1
NVD
NVD
added 2022/06/28 7:15 p.m.24 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS0.00869EPSS
Exploits1References2
Prion
Prion
added 2022/06/28 7:15 p.m.11 views

Cross site request forgery (csrf)

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

5.8CVSS6.1AI score0.00869EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2022/06/28 7:15 p.m.25 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.4AI score0.00869EPSS
Exploits1References3
OSV
OSV
added 2022/06/28 7:15 p.m.6 views

UBUNTU-CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.5AI score0.00869EPSS
Exploits1References4
CVE
CVE
added 2022/06/28 6:35 p.m.105 views

CVE-2022-31108

Summary of CVE-2022-31108 (mermaid.js) : The vulnerability allows an attacker to inject arbitrary CSS into the generated graph, enabling styling changes to elements outside the SVG and potential information disclosure via CSS selectors that trigger HTTP requests. The issue is tied to how user inp...

6.1CVSS5AI score0.00869EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/06/28 6:35 p.m.24 views

CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

4.1CVSS6AI score0.00869EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/06/28 6:35 p.m.38 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6AI score0.00869EPSS
Exploits1
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.7 views

Mermaid 跨站脚本漏洞

Mermaid is a software application. Create charts and visualizations using text and code. A cross-site scripting vulnerability exists in Mermaid versions prior to 9.1.3, which stems from the fact that whenever there is an actual match, the browser issues an http request to load a background image,...

6.1CVSS5.8AI score0.00869EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/04/05 12:0 a.m.9 views

The vulnerability of the Mermaid software tool, a git-based programming platform for collaborative code development on GitLab, allows a perpetrator to compromise data integrity.

The vulnerability of Mermaid, a software platform based on Git for collaborative code development on GitLab, is related to insufficient filtering of Markdown. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...

5.4CVSS6.3AI score0.63555EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/29 11:15 p.m.2 views

CVE-2022-24123

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...

9CVSS5.5AI score0.01945EPSS
Exploits1References3
NVD
NVD
added 2022/01/29 11:15 p.m.10 views

CVE-2022-24123

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...

9CVSS0.01945EPSS
Exploits1References2
OSV
OSV
added 2022/01/29 10:53 p.m.11 views

CVE-2022-24123

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...

9CVSS6.5AI score0.01945EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/01/29 10:53 p.m.18 views

CVE-2022-24123

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...

8.5AI score0.01945EPSS
Exploits1References2
Huntr
Huntr
added 2022/01/20 7:9 p.m.11 views

Cross-site Scripting (XSS) - Reflected in mermaid-js/mermaid-live-editor

Description There is a reflected XSS vulnerability in Mermaid v8.13.9 Live Editor. It is fixed in Mermaid develop Branch - Proof of Concept Open following link: \ \ \ \ Or copy & paste following in Mermaid v8.13.9 Live Editor: classDiagram class Duck +String beakColor +swim +quack Impact Execute...

6AI score
Exploits0
Veracode
Veracode
added 2022/01/07 6:54 a.m.41 views

Cross-site Scripting (XSS)

mermaid is vulnerable to cross-site scripting. The vulnerability exists in the sanitizeUrl function in the svgDraw.js, allowing an attacker to inject and execute malicious javascript through the malicious diagrams...

7.2CVSS2.9AI score0.00912EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/01/06 7:45 p.m.48 views

GHSA-P3RP-VMJ9-GV6V Incorrect sanitisation function leads to `XSS` in mermaid

Impact Malicious diagrams can contain javascript code that can be run at diagram readers machines. Patches The users should upgrade to version 8.13.8 Workarounds You need to upgrade in order to avoid this issue...

7.2CVSS6.1AI score0.00912EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/01/06 7:45 p.m.10 views

3d-emoji (>=2.1.0 <=2.3.0), 6thbridge-hexa-docs (=0.0.1) +3204 more potentially affected by CVE-2021-43861 via mermaid (>=0.2.16 <=8.13.4)

mermaid NPM version =0.2.16, =2.1.0, =0.1.0, =1.4.8, =0.1.0, =0.0.1, =0.18.0-beta.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.3, =2.13.43, =2.13.43, =2.13.94 and more Source cves: CVE-2021-43861 Source advisory: OSV:GHSA-P3RP-VMJ9-GV6V...

7.2CVSS6.5AI score0.00912EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/01/06 7:45 p.m.22 views

Incorrect sanitisation function leads to `XSS` in mermaid

Impact Malicious diagrams can contain javascript code that can be run at diagram readers machines. Patches The users should upgrade to version 8.13.8 Workarounds You need to upgrade in order to avoid this issue...

7.2CVSS2.8AI score0.00912EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/12/30 2:15 p.m.21 views

CVE-2021-43861

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 t...

7.2CVSS0.00912EPSS
Exploits0References3
Rows per page
Query Builder