Incorrect sanitisation function leads to `XSS`

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Mermaid 安全漏洞

Mermaid是一个应用软件。使用文本和代码创建图表和可视化。 Mermaid 8.13.8之前版本存在安全漏洞，攻击者可利用该漏洞通过恶意图表在阅读图表的机器上运行javascript代码。

N/A

N/A