4 matches found
CVE-2026-26226
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...
GHSA-CGMM-X5WW-Q5CR beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS)
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...
CVE-2026-26226
The CVE-2026-26226 issue affects beautiful-mermaid versions prior to 0.1.3, where user-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without proper escaping. This enables SVG attribute injection that can lead to cross-site scripting (XSS) ...
CVE-2026-26226 beautiful-mermaid < 0.1.3 SVG Attribute Injection
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...