1. XSS Vulnerability in MarkdownRenderer Exposes Wiki to Script Injection via rehype-raw and Loose Mermaid Configuration
A critical cross-site scripting vulnerability has been identified in the MarkdownRenderer component, potentially allowing users with wiki edit access to inject arbitrary JavaScript into the application. The flaw stems from two compounding misconfigurations: the component relies on `rehype-raw`, a plugin that passthrough...
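A review check for the two settings named above, as an added example that is not the project's own code: it flags `rehype-raw` used without `rehype-sanitize` after it in the plugin list, and Mermaid's `securityLevel` set to `'loose'`. Both component sources are constructed samples, and the react-markdown style `rehypePlugins` prop and the `auditRenderer` name are assumptions.

```javascript
// Constructed sample: the weak configuration described in the advisory.
const WEAK_SOURCE = `
import rehypeRaw from 'rehype-raw';
mermaid.initialize({ startOnLoad: false, securityLevel: 'loose' });
export const MarkdownRenderer = ({ content }) => (
  <ReactMarkdown rehypePlugins={[rehypeRaw]}>{content}</ReactMarkdown>
);`;

// Constructed sample: raw HTML is parsed, then sanitized; Mermaid is strict.
const HARDENED_SOURCE = `
import rehypeRaw from 'rehype-raw';
import rehypeSanitize from 'rehype-sanitize';
mermaid.initialize({ startOnLoad: false, securityLevel: 'strict' });
export const MarkdownRenderer = ({ content }) => (
  <ReactMarkdown rehypePlugins={[rehypeRaw, rehypeSanitize]}>{content}</ReactMarkdown>
);`;

// Hypothetical helper: returns a list of finding ids for one source file.
function auditRenderer(source) {
  const findings = [];
  // Local identifier bound to a package's default import, or null.
  const importName = (pkg) => {
    const m = source.match(new RegExp(`import\\s+(\\w+)\\s+from\\s+['"]${pkg}['"]`));
    return m ? m[1] : null;
  };
  // Offset of an identifier inside the plugin list, or -1 if absent.
  const position = (list, name) =>
    name ? list.search(new RegExp(`\\b${name}\\b`)) : -1;

  const raw = importName('rehype-raw');
  const sanitize = importName('rehype-sanitize');
  const plugins = source.match(/rehypePlugins=\{\[([\s\S]*?)\]\}/);
  const list = plugins ? plugins[1] : '';
  const rawAt = position(list, raw);
  const sanitizeAt = position(list, sanitize);

  // The sanitizer must run after rehype-raw; a missing sanitizer (-1) or one
  // listed before rehype-raw leaves the parsed raw HTML unfiltered.
  if (rawAt !== -1 && sanitizeAt < rawAt) findings.push('raw-html-unsanitized');
  if (/securityLevel\s*:\s*['"]loose['"]/.test(source)) findings.push('mermaid-loose');
  return findings;
}

console.log('weak:', auditRenderer(WEAK_SOURCE));
console.log('hardened:', auditRenderer(HARDENED_SOURCE));
```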