202 matches found
CVE-2022-1784 Server-Side Request Forgery (SSRF) in jgraph/drawio
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8...
CVE-2022-1784
CVE-2022-1784 affects jgraph/drawio prior to 18.0.8 with a Server-Side Request Forgery (SSRF). The connected Huntr entry details an SSRF vector in EmbedServlet2.java where redirects are followed by default via url.openConnection(), and the redirections are not validated, enabling an attacker to r...
JGraph draw.io Code Issue Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.0.0, which can be exploited by an attacker to cause server-side request forgery (SSRF)...
CVE-2022-1730
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4...
CVE-2022-1730
CVE-2022-1730 affects jgraph/drawio (prior to version 18.0.4). The stored XSS vulnerability arises from insufficient data validation/filtering of user-supplied data, allowing injected scripts to be stored and later executed in the client. Impact is client-side script execution (XSS) for affected ...
CVE-2022-1730 Cross-site Scripting (XSS) - Stored in jgraph/drawio
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4...
JGraph draw.io Cross-Site Scripting Vulnerability
JGraph draw.io is a configurable charting/whiteboard visualization application for JGraph. Versions prior to JGraph draw.io 18.0.4 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could explo...
PT-2022-14079 · Jgraph · Jgraph/Drawio
Name of the Vulnerable Software and Affected Versions: jgraph/drawio versions prior to 18.0.4. Description: The issue is related to Cross-site Scripting (XSS) - Stored. This means that an attacker can inject malicious scripts into a website, which are then stored on the server and executed by other...
CVE-2022-1774
CVE-2022-1774 affects the jgraph/drawio project prior to version 18.0.7. The provided connected sources consistently describe exposure of sensitive information to an unauthorized actor in the draw.io GitHub repository, with multiple entries corroborating the issue and noting the fixed version as ...
CVE-2022-1774 Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7...
CVE-2022-1767
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7...
CVE-2022-1767 Server-Side Request Forgery (SSRF) in jgraph/drawio
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7...
CVE-2022-1767
The CVE-2022-1767 instance concerns a Server-Side Request Forgery (SSRF) in the GitHub repository jgraph/drawio, affecting versions prior to 18.0.7. Affected component: draw.io server-side handling could be tricked into issuing unintended requests. Impact reported in CVSS: CVSS3.1 base score 7.5 ...
CVE-2022-1727
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6...