Lucene search
+L

118 matches found

RedhatCVE
RedhatCVE
added 2026/06/08 2:59 p.m.11 views

CVE-2026-41159

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious Cascading Style Sheets CSS through specific configuration options, such as fontFamily, themeCSS, and altFontFamily. This injected CSS can bypa...

5.4CVSS6.1AI score0.00398EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40596

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS5.5AI score0.00424EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 3:16 p.m.7 views

DEBIAN-CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/29 3:16 p.m.17 views

CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References7
OSV
OSV
added 2026/05/29 3:16 p.m.9 views

UBUNTU-CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/29 1:53 p.m.40 views

CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS0.00398EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 1:53 p.m.10 views

CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:53 p.m.8 views

CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/29 1:53 p.m.1 views

CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS6AI score0.00398EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Mermaid 代码注入漏洞

Mermaid is an open-source application software developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 contain a code injection vulnerability. This vulnerability stems from the default configuration, which allows CSS to b...

5.3CVSS5.9AI score0.00398EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/22 7:25 p.m.11 views

EUVD-2026-31492

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:25 p.m.8 views

CVE-2026-40596

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/22 7:25 p.m.2 views

CVE-2026-40596 MantisBT is vulnerable to XSS and potential account takeover via user font family preference update

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS6AI score0.00424EPSS
Exploits0References7
CVE
CVE
added 2026/05/22 7:25 p.m.42 views

CVE-2026-40596

Summary (CVE-2026-40596): MantisBT versions 2.11.0–2.28.1 are vulnerable to cross-site scripting via an authenticated user updating their font-family preference. The XSS payload is reflected on every page; with a CSP bypass (GHSA-9c3j-xm6v-j7j3) this could enable account takeover. The issue is fi...

7.2CVSS5.8AI score0.00424EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/22 7:25 p.m.12 views

CVE-2026-40596 MantisBT is vulnerable to XSS and potential account takeover via user font family preference update

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS0.00424EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 7:25 p.m.8 views

CVE-2026-40596 MantisBT is vulnerable to XSS and potential account takeover via user font family preference update

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.14 views

MantisBT 2.11.0 < 2.28.2 Font Family Preference XSS (GHSA-j3v9-553h-x28j)

The version of MantisBT installed on the remote host is 2.11.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference. CVE-2026-40596 Note that Nessus has not tested for...

7.2CVSS5.8AI score0.00424EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 7:37 p.m.26 views

Arbitrary Code Injection

Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of configuration options such as fontFamily, themeCSS, and altFontFamily. An...

7.1CVSS5.9AI score0.00398EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 7:37 p.m.13 views

Mermaid: Improper sanitization of configuration leads to CSS injection

Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. Live demo: mermaid.live Example code: %%init: "fontFamily": "x;ab :not&background:green !important cd"%% flowchart LR A --...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/05/11 7:37 p.m.16 views

Arbitrary Code Injection

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of configuration options such as fontFamily, themeCSS, and...

6.1CVSS5.9AI score0.00398EPSS
Exploits0References2
Rows per page
Query Builder