Lucene search
Veracode Vulnerability DatabaseVERACODE:33547HistoryJan 07, 2022 - 6:54 a.m.
Cross-site Scripting (XSS)
2022-01-0706:54:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
28
0.001 Low
EPSS
Percentile
24.8%
mermaid is vulnerable to cross-site scripting. The vulnerability exists in the sanitizeUrl function in the svgDraw.js, allowing an attacker to inject and execute malicious javascript through the malicious diagrams.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mermaid | le | 8.13.7 | |
| mermaid | le | 8.13.7 | |
| mermaid | le | 8.13.7 | |
| mermaid | le | 8.13.7 | |
| node-mermaid:sid | eq | 8.7.0+ds+~cs27.17.17-2 | |
| node-mermaid:bullseye | eq | 8.7.0+ds+~cs27.17.17-2 |
References
github.com/advisories/GHSA-p3rp-vmj9-gv6v
github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
github.com/mermaid-js/mermaid/commit/f4c335ad2f4059b3fbf9114f37440e77f8ca9a4d
github.com/mermaid-js/mermaid/releases/tag/8.13.8
github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
Related
ubuntucve
ubuntucve
CVE-2021-43861
2021-12-30 00:00:00
cve
cve
CVE-2021-43861
2021-12-30 14:15:07
debiancve
debiancve
CVE-2021-43861
2021-12-30 14:15:07
nvd
nvd
CVE-2021-43861
2021-12-30 14:15:07
github
github
Incorrect sanitisation function leads to `XSS` in mermaid
2022-01-06 19:45:59
cvelist
cvelist
CVE-2021-43861 Incorrect sanitisation function leads to `XSS`
2021-12-30 13:40:11
osv
osv
Incorrect sanitisation function leads to `XSS` in mermaid
2022-01-06 19:45:59
CVE-2021-43861
2021-12-30 14:15:07
prion
prion
Design/Logic Flaw
2021-12-30 14:15:00