Description
Cross-Site Scripting in mermaid
Versions of mermaid prior to 8.2.3 are vulnerable to Cross-Site Scripting. If malicious input such as A["<img src=invalid onerror=alert('XSS')></img>"] is provided to the application, it will execute the code instead of rendering it as text due to improper output encoding.
Recommendation
Upgrade to version 8.2.3 or later
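The output-encoding failure described above, shown as an added example that is not mermaid's code: a simplified node parser (assumed grammar, hypothetical function names) renders the advisory's sample label first unencoded, then HTML-encoded.

```javascript
// Added illustration; not mermaid's source. All function names are hypothetical.

// The five characters that are significant in HTML text and attribute contexts.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Parse a simplified flowchart node definition of the form  ID["label"].
// Returns null when the line does not match (assumed, reduced grammar).
function parseNode(line) {
  const m = /^\s*([A-Za-z0-9_]+)\["([\s\S]*)"\]\s*$/.exec(line);
  return m ? { id: m[1], label: m[2] } : null;
}

// Before: the label is concatenated into markup as-is, so any tags it
// contains become part of the document instead of being shown as text.
function renderNodeUnencoded(node) {
  return `<div class="node" id="${node.id}"><span class="label">${node.label}</span></div>`;
}

// After: every user-controlled value is encoded for the HTML context it lands in.
function renderNodeEncoded(node) {
  return `<div class="node" id="${escapeHtml(node.id)}">` +
         `<span class="label">${escapeHtml(node.label)}</span></div>`;
}

// The input quoted in the advisory.
const sample = `A["<img src=invalid onerror=alert('XSS')></img>"]`;
const node = parseNode(sample);

console.log('unencoded:', renderNodeUnencoded(node));
console.log('encoded:  ', renderNodeEncoded(node));
```

The encoded form displays the label as literal text; it does not replace the upgrade to 8.2.3 or later.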
Packages
Name: mermaid (npm)
Affected versions: < 8.2.3
Fix version: 8.2.3
Weaknesses
CWE-79