3 matches found
CVE-2026-0858
A flaw was found in PlantUML. This vulnerability, known as Stored Cross-Site Scripting XSS, occurs due to insufficient sanitization of interactive attributes within GraphViz diagrams. A remote attacker can exploit this by crafting a malicious PlantUML diagram, which then injects harmful JavaScrip...
GHSA-P3RP-VMJ9-GV6V Incorrect sanitisation function leads to `XSS` in mermaid
Impact Malicious diagrams can contain javascript code that can be run at diagram readers machines. Patches The users should upgrade to version 8.13.8 Workarounds You need to upgrade in order to avoid this issue...
CVE-2021-43861
Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 t...