Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/16 6:30 a.m.5 views

CVE-2026-0858

A flaw was found in PlantUML. This vulnerability, known as Stored Cross-Site Scripting XSS, occurs due to insufficient sanitization of interactive attributes within GraphViz diagrams. A remote attacker can exploit this by crafting a malicious PlantUML diagram, which then injects harmful JavaScrip...

6.1CVSS5.6AI score0.00303EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/01/16 6:30 a.m.9 views

PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

6.1CVSS6.3AI score0.00303EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/16 5:0 a.m.2 views

CVE-2026-0858

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

6.1CVSS5.9AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/16 5:0 a.m.5 views

EUVD-2026-2918

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

6.1CVSS5.8AI score0.00303EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/01/16 5:0 a.m.5 views

CVE-2026-0858

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

6.1CVSS5.8AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.5 views

PT-2026-3219

Name of the Vulnerable Software and Affected Versions net.sourceforge.plantuml:plantuml versions prior to 1.2026.0 Description The software is susceptible to a Stored Cross-Site Scripting XSS issue because of inadequate sanitization of interactive attributes within GraphViz diagrams. A specially...

6.1CVSS5.8AI score0.00303EPSS
Exploits0References16
Rows per page
Query Builder