Lucene search
K

6 matches found

Veracode
Veracode
added 2025/09/09 9:26 a.m.5 views

Cross-Site Scripting (XSS)

Mermaid is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to user-supplied input for architecture diagram icons being passed to the d3 html method, which allows an attacker to inject and execute malicious scripts...

6.1CVSS6.5AI score0.00339EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/08/19 5:15 p.m.8 views

CVE-2025-54880

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

6.1CVSS0.00339EPSS
Exploits1References3
CVE
CVE
added 2025/08/19 4:58 p.m.76 views

CVE-2025-54880

CVE-2025-54880 affects mermaid up to version 11.9.0 where user-provided input for architecture diagrams is passed to d3.html(), creating a cross-site scripting sink. The CVE description notes the issue is fixed in 11.10.0. Connected GHSA advisory for Gogs highlights stored XSS via mermaid diagram...

6.1CVSS6.3AI score0.00339EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/08/19 4:58 p.m.8 views

CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

5.1CVSS5.7AI score0.00339EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.6 views

PT-2025-33815 · Mermaid +1 · Mermaid +1

Name of the Vulnerable Software and Affected Versions: Mermaid versions prior to 11.10.0 Description: Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration,...

5.1CVSS6.6AI score0.00339EPSS
Exploits1References15
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.5 views

Mermaid 安全漏洞

Mermaid is a mermaid-js open source application. Creates diagrams and visualizations using text and code. A security vulnerability exists in Mermaid 11.9.0 and earlier versions, which stems from user-entered architecture diagram icons being passed to the d3 html method, potentially leading to...

6.1CVSS6.3AI score0.00339EPSS
Exploits1References4
Rows per page
Query Builder