4 matches found
NPM: Mermaid: Improper sanitization of configuration leads to CSS injection
NPM: Mermaid: Improper sanitization of configuration leads to CSS injection vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...
Cross-site Scripting (XSS)
Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker...
UBUNTU-CVE-2025-54881
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
UBUNTU-CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...