mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips()...
CVSS 6.1, AI Score 6, EPSS 0.001
An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with...
CVSS 6.1, AI Score 6.1, EPSS 0.001
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by...
CVSS 9.8, AI Score 9.2, EPSS 0.007