Description
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
Remediation
References
https://github.com/mermaid-js/mermaid/issues/2122
https://github.com/mermaid-js/mermaid/pull/2123
https://github.com/mermaid-js/mermaid/releases/tag/8.11.0-rc2
Related Vulnerabilities
CVE-2019-5437 Vulnerability in npm package harp
CVE-2020-2120 Vulnerability in maven package org.jenkins-ci.plugins:fitnesse
CVE-2020-26870 Vulnerability in maven package org.webjars.bowergithub.cure53:dompurify
CVE-2018-15494 Vulnerability in npm package dojox
CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-markdown-gfm