CVE-2022-46180

MEDIUM Year: 2022
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.

Related Vulnerabilities

CVE-2013-4318

MEDIUM
CVSS:5.4(Medium)

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.

CWE-742013

CVE-2016-5013

MEDIUM
CVSS:5.4(Medium)

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

CWE-742016

CVE-2017-1115

MEDIUM
CVSS:5.4(Medium)

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securit...

CWE-742017

CVE-2017-1202

MEDIUM
CVSS:5.4(Medium)

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's ...

CWE-742017

CVE-2018-1549

MEDIUM
CVSS:5.4(Medium)

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL t...

CWE-742018

CVE-2018-1896

MEDIUM
CVSS:5.4(Medium)

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

CWE-742018