Lucene search

K
githubGitHub Advisory DatabaseGHSA-XM59-JVXM-CP3V
HistoryMay 24, 2022 - 4:49 p.m.

mxGraph vulnerable to cross-site scripting in color field

2022-05-2416:49:07
CWE-79
GitHub Advisory Database
github.com
7
mxgraph
cross-site scripting
draw.io diagrams
confluence
html and javascript
browser security
poc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.0%

mxGraph through 4.0.0, related to the draw.io Diagrams plugin before 8.3.14 for Confluence and other products, is vulnerable to cross-site scripting. draw.io Diagrams allows the creation and editing of draw.io-based diagrams in Confluence. Among other things, it allows to set the background color of text displayed in the diagram. The color provided by the user is notproperly sanitized, leading to HTML and JavaScript code to be displayed “as it is” to visitors of the page. This allows attackers to execute JavaScript code in the context of the visitor’s browser and session and to e.g. run Confluence command under the visitor’s user or attack the visitor’s browser.

Proof of Concept (PoC):

  1. Create a new draw.io Diagram, add an element and edit its background color and enter some text to the element
  2. Enter the following “color”: onMouseOver=alert(1) a=
  3. Save and view the resulting diagram, moving your mouse over the text

Affected configurations

Vulners
Node
jgraphmxgraphRange4.0.0
CPENameOperatorVersion
mxgraphle4.0.0

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.0%