Description
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
Recommendation
Update the mermaid package to the latest compatible version. Followings are version details:
- Affected version(s): < 8.11.0
- Patched version(s): 8.11.0
References
Related Issues
- Options structure open to Cross-site Scripting if passed unfiltered - CVE-2021-29489
- Margox Braft-Editor Cross-site Scripting Vulnerability - CVE-2021-27524
- textAngular Cross-site Scripting vulnerability - CVE-2021-32854
- Vditor Cross-site Scripting vulnerability - CVE-2021-32855
You might also like:
- Tags:
- npm
- mermaid
Anything's wrong? Let us know Last updated on February 01, 2023


