1. Chat Application Frontend Embeds Mermaid with Disabled XSS Protections, Raising Injection Risk
A frontend component responsible for rendering architecture diagrams in a chat application has been identified with a configuration that actively disables built-in security safeguards. The `ArchitectureDiagram` component initializes the Mermaid diagram library with `securityLevel: 'loose'`, a setting that strips away t...