Description
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
Remediation
References
https://github.com/mermaid-js/mermaid/releases/tag/8.11.0-rc2
https://github.com/mermaid-js/mermaid/pull/2123
https://github.com/mermaid-js/mermaid/issues/2122
Related Vulnerabilities
CVE-2020-6464 Vulnerability in maven package org.webjars.npm:electron
CVE-2019-17592 Vulnerability in maven package org.webjars.npm:csv-parse
CVE-2021-32854 Vulnerability in maven package org.webjars.bower:textangular
CVE-2021-22112 Vulnerability in maven package org.springframework.security:spring-security-core
CVE-2020-13920 Vulnerability in maven package org.apache.activemq:activemq-broker