Fourcube

#21457 of 53,608
11.4 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2025-33815
6.1
2025-08-19
Mermaid · Mermaid · CVE-2025-54880
Name of the Vulnerable Software and Affected Versions: Mermaid versions prior to 11.10.0
Description: Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration, user-supplied input for architecture diagram icons is passed to the d3 `html()` method, creating a cross-site scripting sink.
Recommendations: Update to version 11.10.0 or later.
PT-2025-33816
5.3
2025-08-19
Mermaid · Mermaid · CVE-2025-54881
Name of the Vulnerable Software and Affected Versions: Mermaid versions 10.9.0-rc.1 through 11.9.0
Description: Mermaid is a JavaScript-based diagramming and charting tool that utilizes Markdown-inspired text definitions and a renderer to create and modify diagrams. In the default configuration, user-supplied input for sequence diagram labels is passed to `innerHTML` during element size calculation, leading to a cross-site scripting (XSS) issue.
Recommendations: Update to a version beyond 11.9.0.