GCVE - cpe:2.3:a:discourse:discourse-mermaid-theme-component:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:discourse:discourse-mermaid-theme-component:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Discourse (`2d3c125b-857a-5933-b846-ed7f9d5e0225`)
Product	Discourse Mermaid Theme Component (`de962675-0628-5851-be3e-9dc38ac8a1e1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/discourse/discourse-mermaid-theme-component`	purl2cpe	2026-06-01 10:13:03.676307

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-46180`	vulnerable	2026-06-03 14:48:25.750682	Arbitrary HTML injection in discourse-mermaid-theme-component MEDIUM (5) Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component. Published: 2023-01-04T16:44:54.487Z Updated: 2025-03-10T21:32:39.201Z Open on db.gcve.eu Reference links https://github.com/discourse/discourse-mermaid-theme-component/security/advisories/GHSA-8437-hgcm-p3q3 https://github.com/discourse/discourse-mermaid-theme-component/pull/14 https://github.com/discourse/discourse-mermaid-theme-component/commit/c10bc4a08bf865cee20e5d5dffba535762813f0f	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.