{"uuid": "1175174d-d37f-41f7-b1b9-262f2b63b43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46180", "type": "seen", "source": "https://t.me/cibsecurity/55911", "content": "\u203c CVE-2022-46180 \u203c\n\nDiscourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T20:18:21.000000Z"}