PT-2024-21387 · Tabatkins · Railroad-Diagrams

Published: 2024-02-26 · Updated: 2025-06-02 · CVE-2024-26467

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: tabatkins/railroad-diagrams versions before commit ea9a123

Description: A DOM-based cross-site scripting (XSS) vulnerability in the generator.html component of tabatkins/railroad-diagrams allows attackers to execute arbitrary JavaScript by sending a crafted URL.

Recommendations: For versions before commit ea9a123, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the generator.html component until a patch is available. Avoid using crafted URLs that could exploit this issue until the vulnerability is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-26467

Affected Products: Railroad-Diagrams