PT-2020-21536 · Mermaid · Mermaid

Published

2020-09-02

·

Updated

2020-09-02

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions mermaid versions prior to 8.2.3
Description The issue allows for Cross-Site Scripting attacks. If malicious input, such as A["<img src=invalid onerror=alert('XSS')</img>"], is provided to the application, it will execute the code instead of rendering it as text due to improper output encoding.
Recommendations Upgrade to version 8.2.3 or later

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

GHSA-W32G-5HQP-GG6Q

Affected Products

Mermaid