Lucene search
@huntrdevCVE-2022-3127HistorySep 05, 2022 - 1:15 p.m.
CVE-2022-3127
2022-09-0513:15:08
CWE-79
@huntrdev
web.nvd.nist.gov
51
3
cve-2022-3127
cross-site scripting
xss
github
jgraph
drawio
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
30.0%
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.
Affected configurations
Node
diagramsdrawioRange<20.2.8
CNA Affected
[
{
"product": "jgraph/drawio",
"vendor": "jgraph",
"versions": [
{
"lessThan": "20.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
CVE-2022-3127 Cross-site Scripting (XSS) - Stored in jgraph/drawio
2022-09-05 12:50:09
huntr
huntr
XSS with CSP bypass on WEB instances
2022-09-05 09:16:56
nvd
nvd
CVE-2022-3127
2022-09-05 13:15:08
prion
prion
Cross site scripting
2022-09-05 13:15:00
osv
osv
CVE-2022-3127
2022-09-05 13:15:08
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
30.0%
Related for CVE-2022-3127