5 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-54881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. I...
Cross-site Scripting (XSS)
Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker can execute...
CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
CVE-2025-54881
Technical details about CVE-2025-54881 are not publicly available in the provided connected documents. Monitor for updates.