CNNVD-202602-2276 Information
CNNVD ID
CNNVD-202602-2276
Related CVE
- CNNVD Published: 2026-02-13
Description (Chinese)
beautiful-mermaid是Craft Docs开源的一个可视化人工智能助手数据流的工具。 beautiful-mermaid 0.1.3之前版本存在跨站脚本漏洞,该漏洞源于SVG属性注入问题,可能导致渲染攻击者控制的Mermaid图表时发生跨站脚本攻击。
Description (English)
Beautiful-mermaid is a visualised artificial intelligence assistant data stream for Craft Docs. The pre-beautiful-mermaid 0.1.3 version had a cross-site script loophole, which stemmed from the SVG attribute injection problem and could lead to a cross-stop script attack while reproducing the attacker-controlled Mermaid diagrams.
Vulnerability Type
跨站脚本
Affected Vendor
Craft Docs
Published
2026-02-13
Last Modified
2026-02-24
References
https://github.com/lukilabs/beautiful-mermaid/pull/8 https://github.com/lukilabs/beautiful-mermaid/releases/tag/v0.1.3 https://neo.projectdiscovery.io/share/cec71dc7-a8eb-417e-b8b4-666644796c1e https://www.vulncheck.com/advisories/beautiful-mermaid-svg-attribute-injection
Patch
https://github.com/lukilabs/beautiful-mermaid/releases
Share on: