Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-54881

Опубликовано: 19 авг. 2025
Источник: debian

Описание

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
node-mermaidremovedpackage

Примечания

  • https://github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh

Связанные уязвимости

ubuntu
9 дней назад

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS.

nvd
9 дней назад

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS.

github
9 дней назад

Mermaid improperly sanitizes sequence diagram labels leading to XSS