5 matches found
CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
Linux Distros Unpatched Vulnerability : CVE-2022-31108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. A...
CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
CVE-2022-31108
Summary of CVE-2022-31108 (mermaid.js) : The vulnerability allows an attacker to inject arbitrary CSS into the generated graph, enabling styling changes to elements outside the SVG and potential information disclosure via CSS selectors that trigger HTTP requests. The issue is tied to how user inp...