Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js
Vulnerability Description
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Mermaid 跨站脚本漏洞
Vulnerability Description
Mermaid是一个应用软件。使用文本和代码创建图表和可视化。 Mermaid 9.1.3之前版本存在跨站脚本漏洞,该漏洞源于只要有实际匹配,浏览器就会发出一个 http 请求,以 load 一个背景图像,让攻击者知道该字符的值是什么,攻击者利用该漏洞能够将任意 CSS 注入到生成的图形中,从而允许他们更改生成图形之外的元素样式,并可能通过使用特制的“CSS”选择器泄露敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A