
CVE-2025-54881
Good to know:

Date: August 19, 2025
Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user-supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS.
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
Top Fix

Upgrade Version
Upgrade to version mermaid - 11.10.0 or mermaid - 10.9.4 (https://github.com/mermaid-js/mermaid.git - mermaid@11.10.0)
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | NONE |