Chris Grieger
eternalkyu.bsky.social
did:plc:ibozsnmxbnetewx45vysrhdr
I discovered two XSS flaws in mermaid (JS diagram library) last month. The advisories got published today.
CVE-2025-54880 (https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw)
CVE-2025-54881 (https://github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh)
#xss #bugbounty
2025-08-19T18:47:44.112Z