202 matches found
CVE-2022-3138 Cross-site Scripting (XSS) - Generic in jgraph/drawio
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0...
CVE-2022-3138
CVE-2022-3138 is a Cross-site Scripting (XSS) vulnerability in the GitHub repository for jgraph/drawio, affecting versions prior to 20.3.0. The issue stems from how the application handles a URL parameter used for refresh/back actions, leading to potential script injection via location.href witho...
CVE-2022-3148
CVE-2022-3148 describes a Cross-site Scripting (XSS) vulnerability in JGraph Draw.io (GitHub: jgraph/drawio) prior to version 20.3.0. The issue arises from how the application processes the use tag with dompurify, enabling an XSS payload to bypass CSP in some scenarios (e.g., a crafted SVG refere...
CVE-2022-3148 Cross-site Scripting (XSS) - Generic in jgraph/drawio
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0...
JGraph draw.io Cross-Site Scripting Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A cross-site scripting vulnerability exists in JGraph draw.io versions prior to 20.3.0, which stems from the application allowing the "use" tag to be passed to dompurify when "U" is imported before a "?" When...
JGraph draw.io Cross-Site Scripting Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A cross-site scripting vulnerability exists in JGraph draw.io versions prior to 20.3.0, which stems from the application using a parameter to specify a url on the refresh and back buttons, assigning it to...
CVE-2022-3127
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8...
CVE-2022-3127 Cross-site Scripting (XSS) - Stored in jgraph/drawio
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8...
CVE-2022-3127
CVE-2022-3127 describes a stored Cross-site Scripting (XSS) vulnerability in the GitHub project jgraph/drawio, affecting versions prior to 20.2.8. The issue is documented across multiple sources (NVD, Red Hat, CVE List, OSV, etc.) as an XSS in draw.io prior to 20.2.8. The connected documents prov...
PT-2022-20658 · Unknown · Jgraph/Drawio
Name of the Vulnerable Software and Affected Versions: jgraph/drawio versions prior to 20.2.8 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs in the GitHub repository jgraph/drawio. Recommendations: For versions prior to 20.2.8, update to version 20.2.8 or lat...
JGraph draw.io Cross-Site Scripting Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A cross-site scripting vulnerability exists in JGraph draw.io prior to version 20.2.8...
CVE-2022-3065
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8...
CVE-2022-3065
CVE-2022-3065 corresponds to an Improper Access Control in the GitHub repository jgraph/drawio, affecting versions prior to 20.2.8. Multiple connected sources describe the issue as arising from inadequate access control tied to the proxy URL parameter, with no rate‑limiting, which could enable ab...
CVE-2022-3065 Improper Access Control in jgraph/drawio
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8...
PT-2022-20226 · Unknown · Jgraph/Drawio
Name of the Vulnerable Software and Affected Versions: jgraph/drawio versions prior to 20.2.8 Description: The issue is related to improper access control in the GitHub repository jgraph/drawio. Recommendations: For versions prior to 20.2.8, update to version 20.2.8 or later to resolve the issue...