Description
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
Remediation
References
https://github.com/mermaid-js/mermaid/issues/2122
https://github.com/mermaid-js/mermaid/pull/2123
https://github.com/mermaid-js/mermaid/releases/tag/8.11.0-rc2
Related Vulnerabilities
CVE-2019-5457 Vulnerability in npm package min-http-server
CVE-2015-7559 Vulnerability in maven package org.apache.activemq:activemq-all
CVE-2020-28479 Vulnerability in maven package org.webjars.bower:jointjs
CVE-2023-48967 Vulnerability in maven package org.noear:solon.serialization.fury
CVE-2019-16548 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine