Mermaid, a JavaScript diagramming library, contains an HTML injection vulnerability in its state diagram classDef directive. Affected versions (10.9.5 and earlier, plus 11.0.0-alpha.1 through 11.14.0) allow DOM injection that escapes the SVG rendering context. Although <script> tags are filtered, which prevents XSS, the injection can still manipulate page structure and potentially enable phishing or UI redressing [truncated]
Mermaid, a JavaScript diagramming library, contains a CSS injection vulnerability in versions 10.9.5 and prior, as well as 11.0.0-alpha.1 through 11.12.0. The flaw exists in the state diagram parser and other diagram types that route user-controlled style strings through createCssStyles. The classDef values are captured using an unrestricted regex matching everything up to a newline, which then flows unsa [truncated]