2 matches found
Arbitrary Code Injection
Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of input passed to the addStyleClass function. An attacker c...
Cross-site Scripting (XSS)
Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the node labels which were introduced in 734bde3. An attacker can execute arbitrary...