QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-54881

Back to search

CVE-2025-54881

Published: Aug 19, 2025

Modified: Aug 19, 2025

PUBLISHED

Description

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS.

VendorProductVersions

mermaid-js

mermaid

affected
>= 10.9.0-rc.1, <= 11.9.0

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now