6 matches found
Cross-Site Scripting (XSS)
Mermaid is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to user-supplied input for architecture diagram icons being passed to the d3 html method, which allows an attacker to inject and execute malicious scripts...
CVE-2025-54880
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...
CVE-2025-54880
CVE-2025-54880 affects mermaid up to version 11.9.0 where user-provided input for architecture diagrams is passed to d3.html(), creating a cross-site scripting sink. The CVE description notes the issue is fixed in 11.10.0. Connected GHSA advisory for Gogs highlights stored XSS via mermaid diagram...
CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...
PT-2025-33815 · Mermaid +1 · Mermaid +1
Name of the Vulnerable Software and Affected Versions: Mermaid versions prior to 11.10.0 Description: Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration,...
Mermaid 安全漏洞
Mermaid is a mermaid-js open source application. Creates diagrams and visualizations using text and code. A security vulnerability exists in Mermaid 11.9.0 and earlier versions, which stems from user-entered architecture diagram icons being passed to the d3 html method, potentially leading to...