Discourse · Discourse-Mermaid-Theme-Component · CVE-2022-46180
**Name of the Vulnerable Software and Affected Versions**
Discourse Mermaid (discourse-mermaid-theme-component) version 1.0.0
**Description**
The issue allows users who can create posts in Discourse, the open-source forum software, to inject arbitrary HTML into those posts using the Mermaid syntax.
**Recommendations**
For version 1.0.0, update the theme component to version 1.1.0 through the admin UI to resolve the issue.
As a temporary workaround, consider disabling the discourse-mermaid-theme-component until the update is applied.