6 matches found

OSV
added 2025/08/19 8:16 p.m., 2 views

GHSA-8GWM-58G9-J8PW Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Summary: In the default configuration of mermaid 11.9.0, user supplied input for architecture diagram icons is passed to the d3 html method, creating a sink for cross site scripting. Details: Architecture diagram service iconText values are passed to the d3 html method, allowing malicious users to...

CVSS 5.1, AI score 5.8, EPSS 0.00016
Exploits: 1, References: 5

Github Security Blog
added 2025/08/19 8:16 p.m., 11 views

Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Summary: In the default configuration of mermaid 11.9.0, user supplied input for architecture diagram icons is passed to the d3 html method, creating a sink for cross site scripting. Details: Architecture diagram service iconText values are passed to the d3 html method, allowing malicious users to...

CVSS 6.1, AI score 5.3, EPSS 0.00016
Exploits: 1, References: 5, Affected Software: 1

Snyk
added 2025/08/19 8:16 p.m., 1 view

Cross-site Scripting (XSS)

Overview: @mermaid-js/tiny is a tiny version of mermaid. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the node labels, which were introduced in 734bde3. An attacker can execute arbitrary JavaScript in the context of the application by injecting malicious HTML...

CVSS 5.4, AI score 5.5, EPSS 0.00016
Exploits: 1, References: 2

Snyk
added 2025/08/19 8:16 p.m., 1 view

Cross-site Scripting (XSS)

Overview: mermaid is a package for generating diagrams and flowcharts from text in a manner similar to markdown. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the node labels, which were introduced in 734bde3. An attacker can execute arbitrary JavaScript in the...

CVSS 5.4, AI score 5.5, EPSS 0.00016
Exploits: 1, References: 2

Snyk
added 2025/08/19 8:16 p.m., 2 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:mermaid is a package for generating diagrams and flowcharts from text in a manner similar to markdown. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the node labels, which were introduced in 734bde3. An attacker can execute arbitrary...

CVSS 6.1, AI score 6, EPSS 0.00016
Exploits: 1, References: 2

Cvelist
added 2025/08/19 4:58 p.m., 6 views

CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

CVSS 5.1, EPSS 0.00016
Exploits: 1, References: 3