CNNVD-202508-2184 Information
CNNVD ID
CNNVD-202508-2184
Related CVE
- CNNVD Published: 2025-08-19
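Description (Chinese, translated)
Mermaid is an open-source application from mermaid-js that creates diagrams and visualizations from text and code. Mermaid 11.9.0 and earlier contain a security vulnerability: user-supplied architecture diagram icons are passed to the d3 html method, which can lead to cross-site scripting.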
Description (English)
Mermaid is an open-source application from mermaid-js. It creates charts and visualizations using text and code. Mermaid 11.9.0 and earlier versions contain a security vulnerability that stems from user-supplied architecture diagram icons being passed to the d3 html method, which could result in cross-site scripting.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
mermaid-js
Published
2025-08-19
Last Modified
2026-02-24
References
https://github.com/mermaid-js/mermaid/commit/734bde38777c9190a5a72e96421c83424442d4e4
https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw
https://github.com/mermaid-js/mermaid/commit/2aa83302795183ea5c65caec3da1edd6cb4791fc
https://nvd.nist.gov/vuln/detail/CVE-2025-54880
Patch
https://github.com/mermaid-js/mermaid/releases