Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.11 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.3AI score0.00869EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. A...

6.1CVSS6.2AI score0.00869EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/06/28 6:35 p.m.27 views

CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

4.1CVSS6.2AI score0.00869EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/06/28 6:35 p.m.4 views

CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

4.1CVSS6.3AI score0.00869EPSS
Exploits1References2
CVE
CVE
added 2022/06/28 6:35 p.m.106 views

CVE-2022-31108

Summary of CVE-2022-31108 (mermaid.js) : The vulnerability allows an attacker to inject arbitrary CSS into the generated graph, enabling styling changes to elements outside the SVG and potential information disclosure via CSS selectors that trigger HTTP requests. The issue is tied to how user inp...

6.1CVSS5AI score0.00869EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder