beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS)

beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...

CVE-2026-26226 beautiful-mermaid < 0.1.3 SVG Attribute Injection

beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...

CVE-2025-3414

The Structured Content JSON-LD wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Unspecified Vulnerability in Mozilla Firefox (CNVD-2021-04657)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 84. When an HTTPS page is embedded in an HTTP paqe and a service worker is registered for the former, the service worker can interce...