Description
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
Remediation
References
https://github.com/mermaid-js/mermaid/issues/2122
https://github.com/mermaid-js/mermaid/pull/2123
https://github.com/mermaid-js/mermaid/releases/tag/8.11.0-rc2
Related Vulnerabilities
CVE-2022-40309 Vulnerability in maven package org.apache.archiva:maven2-repository
CVE-2017-15879 Vulnerability in npm package keystone
CVE-2022-39353 Vulnerability in npm package @xmldom/xmldom
CVE-2016-10533 Vulnerability in npm package express-restify-mongoose
CVE-2018-9207 Vulnerability in maven package org.webjars.bowergithub.blueimp:jquery-file-upload