CVE-2023-3973 Cross-site Scripting (XSS) - Reflected in jgraph/drawio

Cross-site Scripting XSS - Reflected in GitHub repository jgraph/drawio prior to 21.6.3...

CVE-2023-3973

CVE-2023-3973 is a cross-site scripting (XSS) vulnerability reported as a reflected XSS in jgraph/drawio prior to version 21.6.3. Multiple sources in the connected set describe an XSS vector that can be triggered via user-controlled labels and plugin handling, including HTML decoding and injectio...

JGraph draw.io 跨站脚本漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A cross-site scripting vulnerability exists in JGraph draw.io versions prior to 21.6.3 that stems from vulnerability to reflective cross-site scripting XSS attacks...

JGraph draw.io 操作系统命令注入漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. An operating system command injection vulnerability exists in JGraph draw.io versions prior to 21.5.0, which stems from vulnerability to operating system command injection attacks...

JGraph draw.io 操作系统命令注入漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. An operating system command injection vulnerability exists in JGraph draw.io versions prior to 21.4.0, which stems from vulnerability to operating system command injection attacks...

CVE-2023-3398

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3...

Denial of service

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3...

CVE-2023-3398 Denial of Service in jgraph/drawio

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3...

CVE-2023-3398

CVE-2023-3398 affects the JGraph Drawio project. Affected software: drawio (GitHub repository jgraph/drawio) prior to version 18.1.3. Root cause and impact: a Denial of Service leads to degraded/blocked service when handling large uploads, with the observed impact described as DoS and confirmed b...

CVE-2023-3398 Denial of Service in jgraph/drawio

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3...

drawio 资源管理错误漏洞

JGraph drawio is a JavaScript client editor from JGraph. A resource management error vulnerability exists in versions of drawio prior to 18.1.3, which stems from an upload of a large file causing a system denial of service...

PT-2023-24613 · Unknown · Jgraph/Drawio

Name of the Vulnerable Software and Affected Versions: jgraph/drawio versions prior to 18.1.3 Description: The issue is related to a Denial of Service in the GitHub repository jgraph/drawio. Recommendations: For versions prior to 18.1.3, update to version 18.1.3 or later to resolve the issue...

CVE-2023-3026

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 21.2.8...

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 21.2.8...

JGraph draw.io 跨站脚本漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A cross-site scripting vulnerability exists in JGraph draw.io versions prior to 21.2.8 that stems from the presence of stored cross-site scripting attacks XSS...

CVE-2023-3026 Cross-site Scripting (XSS) - Stored in jgraph/drawio

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 21.2.8...

CVE-2023-3026

The CVE-2023-3026 entry corresponds to a Stored Cross-Site Scripting (XSS) vulnerability in jgraph/drawio, affecting versions prior to 21.2.8. The issue is caused by improper handling of user input stored in the application, enabling XSS payloads to execute when loaded. Public documentation provi...

CVE-2023-3026 Cross-site Scripting (XSS) - Stored in jgraph/drawio

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 21.2.8...

CVE-2023-3026 Cross-site Scripting (XSS) - Stored in jgraph/drawio

Cross-site Scripting XSS - Stored in GitHub repository jgraph/drawio prior to 21.2.8...

PT-2023-22610 · Jgraph · Jgraph/Drawio

Name of the Vulnerable Software and Affected Versions: jgraph/drawio versions prior to 21.2.8 Description: The issue is related to Cross-site Scripting XSS - Stored. This type of attack occurs when an application stores user input that contains malicious code, which is then executed by the...