Lucene search
K

4 matches found

Patchstack
Patchstack
added 2026/05/11 7:37 p.m.14 views

NPM: Mermaid: Improper sanitization of configuration leads to CSS injection

NPM: Mermaid: Improper sanitization of configuration leads to CSS injection vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...

5.8AI score0.00398EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2025/08/19 8:16 p.m.1 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker...

6.1CVSS5.9AI score0.0071EPSS
Exploits0References2
OSV
OSV
added 2025/08/19 5:15 p.m.4 views

UBUNTU-CVE-2025-54881

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...

5.3CVSS5.8AI score0.0071EPSS
Exploits0References5
OSV
OSV
added 2022/06/28 7:15 p.m.1 views

UBUNTU-CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.5AI score0.00849EPSS
Exploits1References4
Rows per page
Query Builder