Description
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
Recommendation
Update the mermaid package to the latest compatible version. Version details are as follows:
- Affected version(s): < 8.11.0
- Patched version(s): 8.11.0
References
Related Issues
- Options structure open to Cross-site Scripting if passed unfiltered - CVE-2021-29489
- Cross-site scripting in react-bootstrap-table - CVE-2021-23398
- Cross-site Scripting in curly-bracket-parser - CVE-2021-23416
- Cross-site Scripting in file-upload-with-preview - CVE-2021-23439
Tags: npm, mermaid
Last updated on February 01, 2023