CNNVD-202508-2190 Information
CNNVD ID
CNNVD-202508-2190
Related CVE
- CNNVD Published: 2025-08-19
Description (Chinese)
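Mermaid is an open-source application from mermaid-js. It creates diagrams and visualizations using text and code. Mermaid versions 10.9.0-rc.1 through 11.9.0 contain a cross-site scripting vulnerability, which stems from user-supplied sequence diagram labels being passed to innerHTML and may lead to cross-site scripting.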
Description (English)
Mermaid is an open-source application from mermaid-js that creates diagrams and visualizations using text and code. Mermaid versions 10.9.0-rc.1 through 11.9.0 contain a cross-site scripting vulnerability: user-supplied sequence diagram labels are passed to innerHTML, which may result in cross-site scripting.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
mermaid-js
Published
2025-08-19
Last Modified
2026-02-24
References
https://github.com/mermaid-js/mermaid/commit/685516a85ec1df64cefd4fd15f26533be87d458e
https://github.com/mermaid-js/mermaid/commit/5c69e5fdb004a6d0a2abe97e23d26e223a059832
https://github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh
https://nvd.nist.gov/vuln/detail/CVE-2025-54881
Patch
https://github.com/mermaid-js/mermaid/releases